IT Governance, Risk, and Compliance » CE http://itknowledgeexchange.techtarget.com/it-governance Mon, 17 Jun 2013 01:33:42 +0000 en-US hourly 1 Measuring Performance – Part IV http://itknowledgeexchange.techtarget.com/it-governance/measuring-performance-part-iv/ http://itknowledgeexchange.techtarget.com/it-governance/measuring-performance-part-iv/#comments Tue, 14 Apr 2009 01:08:28 +0000 Robert Davis http://itknowledgeexchange.techtarget.com/it-governance/?p=116 Selective measurement utility is realized when a critical few indicators permit accurate and timely information for decision-making and, by extension, appropriate information assets protection. Individually, measurement techniques are the means for effective IT security performance monitoring. Collectively, IT security services financial management and maturity modeling are powerful high-level tools for assessing the achievement of objectives and goals.

“View Part I of the Measuring Performance series here

]]> http://itknowledgeexchange.techtarget.com/it-governance/measuring-performance-part-iv/feed/ 0 Measuring Performance – Part III http://itknowledgeexchange.techtarget.com/it-governance/measuring-performance-part-iii/ http://itknowledgeexchange.techtarget.com/it-governance/measuring-performance-part-iii/#comments Thu, 09 Apr 2009 19:10:14 +0000 Robert Davis http://itknowledgeexchange.techtarget.com/it-governance/?p=114 IT security maturity modeling can measure the established control environment and controls within processes. Typically, the defined maturity modeling scale addresses entity-centric processes from an ad hoc to an optimized level. Specifically, a robust maturity model furnishes high-level guidance that aids in appreciating what is required for productive IT safeguarding. Furthermore, an entity-centric service maturity model equips management with the ability to position information assets protection on the maturity scale. Beneficially, after identifying critical IT processes and related controls, maturity modeling enables gaps in capabilities to be identified and presented to management through benchmarking, while illuminating necessary service improvements. Action plans can then be developed to bring identified processes within the desired IT security services target level.

Benchmarking (also known as “best practice benchmarking” and “process benchmarking”) is a process primarily employed for strategic management, in which entities evaluate various aspects of active processes in relation to best practices, usually within their designated business sector. This then allows an entity to develop plans on how to adopt accepted best practices, typically with the intent of improving some facet of performance. Benchmarking may be a singular event, but is commonly treated as a repetitious process in which entities continually seek to challenge their practices.

“View Part I of the Measuring Performance series here

]]> http://itknowledgeexchange.techtarget.com/it-governance/measuring-performance-part-iii/feed/ 0