ClearPoint Metrics is breaking new ground by delivering innovative, purpose-built software solutions to reliably & consistently measure, monitor, communicate & manage measurements
 
 
 
Security Metrics Programs
Senior information technology security managers lead the establishment of an effective information technology security strategy. An overarching goal is to improve the quality of services while decreasing the cost of delivery. To that end, they have a clear requirement to better understand and communicate the organization's security posture and the efficacy of its policies, programs, and compliance efforts. Security Performance Metrics are essential to accomplishing this.

What are Security Performance Metrics and why do I need them?

Security performance metrics are quantitative measurements enriched with business context that provide comprehensive and contextual information on the current state and quality of an organization's security posture.  Metrics serve as performance indicators to provide insight into the:

  • Effectiveness of information technology security initiatives and programs
  • Impact that internal controls have on security and business operation
  • Effectiveness of security policies, processes, and procedures
  • Assessment of risk associated with resources, assets, and threats
  • Compliance with standards, regulations, and governance objectives

Security performance metrics are the most effective way to systematically and consistently measure, analyze, and improve an organization's programs for IT security, compliance, governance, and risk.

How do I use Security Performance Metrics?

Security performance metrics provide insight into the efficiency and effectiveness of your IT security internal controls.  They serve to provide both hard evidence supporting the existence of security controls and quantitative support for assessing their value.  Well-constructed metrics highlight concentrations of risk and progress toward goal attainment. They provide insight into the impact of investments made in people, processes, and technologies to ensure compliance, implement best practices, and mitigate risk.  Scorecards provide evidence of regular review, analysis, and adjustment of IT security controls. 

To be maximally effective, metrics must be communicated clearly and unambiguously to a variety of target audiences and within their business context. A scorecard is an ideal medium for communicating the results of a collection of related metrics. A scorecard can be organized to show the impact that security internal controls have on both the security posture of your organization and the business processes that are critical to it.

Below is a scorecard for a web portal manager to monitor the effectiveness of access controls for an externally facing web application.  In this particular example, the scorecard is composed of metrics to characterize portal usage, access controls, support workload, customer response service levels, and labor cost.


8 New England Executive Park, 3rd Floor, Suite 390, Burlington, MA 01803