The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
Metrics management techniques will provide a process for the ISSO to support InfoSec- and CIAPP-related decisions. The ISSO should understand the following points:
- Metrics management is an excellent method to track InfoSec functions related to LOE, costs, use of resources, etc.
- The information can be analyzed, and results of the analyses can be used to:
  - Identify areas where efficiency improvements are necessary;
  - Determine effectiveness of InfoSec functional goals;
  - Provide input for performance reviews of the InfoSec staff (a more objective approach than subjective performance reviews of today's ISSOs); as well as
  - Indicate where InfoSec service and support to IWC requires improvement, meets its goals, etc.