
Information Security Risk Best Practices

07.08.2003

Gartner describes a variety of metrics, categorized using the information security total cost of ownership chart of accounts, that enterprises can implement to help them in this effort:

One can turn to numerous places for the raw data, including:

Action Item: Establish critical effectiveness metrics for each information security policy. Ensure audit logs are in place for all mission-critical applications and systems. Begin moving toward a centralized reporting facility for such log entries.

Information Security Metrics, Scorecards and Dashboards

Metrics, scorecards and "dashboards" are becoming a popular approach for informing all levels of management of the overall status of the information security program. The technical and operational groups as well as the strategic, planning, and management groups should have such dashboards to manage their own view of the information security risk management program (see Figure 3).

Multiple technical dashboards might be used for specific activities. The technical dashboards will feed into a strategic and management dashboard that measures the effectiveness of the information security risk management program and is used for security breach investigation purposes.
