Key Performance Indicators

Measuring Delivery Value - Part IV

Performance measurement is a control activity. Measurement techniques are the means for effective information security performance monitoring. “Selective measurement utility is realized when a critical few indicators permit accurate and timely information for decision-making and, by extension, appropriate information assets protection.” KPIs provide the critical measuring technique for aligned objectives and goals. Adequate KPIs permit comparative analysis for assessing resource deployment and utilization success. When processes are evaluated within the pre-established context, KPIs enable rapid resource mobilization, substitution and/or elimination for organizational objectives fulfillment.

“View Part I of the Measuring Delivery Value series here“

Measuring Performance - Part IV

Selective measurement utility is realized when a critical few indicators permit accurate and timely information for decision-making and, by extension, appropriate information assets protection. Individually, measurement techniques are the means for effective IT security performance monitoring. Collectively, IT security services financial management and maturity modeling are powerful high-level tools for assessing the achievement of objectives and goals.

“View Part I of the Measuring Performance series here“

Measuring Performance - Part III

IT security maturity modeling can measure the established control environment and controls within processes. Typically, the defined maturity modeling scale addresses entity-centric processes from an ad hoc to an optimized level. Specifically, a robust maturity model furnishes high-level guidance that aids in appreciating what is required for productive IT safeguarding. Furthermore, an entity-centric service maturity model equips management with the ability to position information assets protection on the maturity scale. Beneficially, after identifying critical IT processes and related controls, maturity modeling enables gaps in capabilities to be identified and presented to management through benchmarking, while illuminating necessary service improvements. Action plans can then be developed to bring identified processes within the desired IT security services target level.

Benchmarking (also known as “best practice benchmarking” and “process benchmarking”) is a process primarily employed for strategic management, in which entities evaluate various aspects of active processes in relation to best practices, usually within their designated business sector. This then allows an entity to develop plans on how to adopt accepted best practices, typically with the intent of improving some facet of performance. Benchmarking may be a singular event, but is commonly treated as a repetitious process in which entities continually seek to challenge their practices.

“View Part I of the Measuring Performance series here“

Measuring Performance - Part II

Financially-related information is generated to establish cost-oriented steering towards achieving entity-centric objectives and goals. Generally, aggressive expenses administration and accurate costs redistribution improve financial resources availability. However, the IT security financial management process for service delivery and support should redress entity-centric cost accounting requirements.

Financial budgeting is the generally accepted means to quantify forecasted activity for a program. Through subsequent utilization, program budgeting provides the ability to determine the cost effectiveness of an entire IT security program or single process. Judicious financial management requires devising financial measures, allocating direct and indirect total and per unit costs for producing services, evaluating costs saved or avoided and benefits generated. Budgeted technical support should have a direct correlation with the service operating plan to avoid under or over allocation of resources. Consequently, variances within the budget should be performed to monitor spending. In addition, IT security management should review cost-benefit analyses to verify appropriate expenditure justifications.

“View Part I of the Measuring Performance series here“

Measuring Performance - Part I

Though IT security service management can include a plethora of indicators, adequate service value measurement is not demonstrated in the sheer number of indicators considered. Practical IT security service delivery and support utilization requires identification of a critical few measurement indicators in each of the relevant measurement domains that align security initiatives to targeted processes and activities. At the detail-level, these few critical measurements represent key performance indicators tailored to gauge objective achievement elements. To effectively drive performance alignment, entities should utilize IT configuration expected outcomes to enable multiple measurements identification so the positive impact safeguarding investments contribute are visible.