An appropriate security metrics program help you to be in strategic alignment with business objectives and to control security risks in a more cost-effective fashion. This tool is designed to help you identify and build up a right-sized security metrics program for your organization.
This tool will help you:
- Identify which security functions your organization is going to measure
- Examine and determine which business objectives each security function can contribute to
- Outline the ways that security can contribute by creating security objectives
- Identify current maturity level and set up the target maturity level
- Outline the metrics selected to measure the security function toward your security objectives
- Give concise description to your metrics
- Identify the metrics type and identify the metrics view type
- Identify the appropriate audience for the metrics
- Select an appropriate reporting frequency
- Define who is going to responsible for the metrics
- Indicate the source(s) of information for each metric
If not measured, either your SOF is not effective at all, or your SOF has unknown effectiveness.