- Overview of Metrics Program
- Purpose, Approach, and Objectives
- Benefits of Using Metrics
- Metrics Types
- Data Management Concerns
- Stakeholder Interest Identification
- Goals and Objectives Definition
- Security Policies, Guidance, and Procedures Review
- System Security Program Implementation Review
- Metrics Development and Selection
- Establishing Performance Targets
- Feedback within Metrics Development Process
- Metrics Program Implementation
Purpose, Approach, and Objectives
The purpose of measuring performance is to monitor the status of measured activities and to assist improvement in those activities by applying corrective actions, based on observed measurements.
Security metrics can be obtained at different levels within an organization. Detailed metrics, collected at the system level, can be aggregated and rolled up to progressively higher levels, depending on the size and complexity of an organization.
Security performance objectives enable the accomplishment of goals by identifying practices defined by security policies, standards and procedures that direct consistent implementation of security controls across the organization.
These goals and objectives are to be outlined in policies, standards, and procedures and metrics are then to be built to measure the effectiveness of the controls that are in place to accomplish these goals and objectives.