The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program
Based on what you have read, consider the following questions and how you would reply to them:
- Do you use formal metrics management techniques?
- If not, why not?
- If so, are they used to brief management?
- Is each of your InfoSec functions documented not only in work instructions but also in process flowcharts?
- Do you use similar charts to document the InfoSec functional LOE?
- What other charts would you develop for each of the ISSO functions?
- Do you have at least one metrics chart to track costs of each InfoSec function?
- How would you use metrics management charts to justify your budget requests?
- How would you use metrics management charts to justify the number of your staff?
- How many charts, by function and description, would you want to use as an ISSO?