Build a Security Metrics Program to Drive Maturity

Good metrics come from good goals.

Onsite Workshop

Lack of a metrics program makes it difficult to assess how well the security program is doing on a day-to-day basis and stifles opportunities to measure improvement over time and can lead to:

  • Lack of maturity.
  • Inability to explain value of security.
  • No objective way to measure progress or improvements.

A goals-based metrics program will help to:

  • Increase business-security alignment.
  • Explain what security is doing and its overall effect on the organization.
  • Allow you to prioritize security goals and measure progress to completion.
  • Provide you with greater insight into the program and how performance in one area influences others.

Module 1: Current State, Initiatives, and Goals

The Purpose

Create a prioritized list of goals to improve the security program’s current state.

Key Benefits Achieved

Insight into the current program and the direct it needs to head in.

Activities: Outputs:
1.1 Discuss current state and existing approach to metrics.
1.2 Review contract metrics already in place (or available).
1.3 Determine security areas that should be measured.
1.4 Determine what stakeholders are involved.
1.5 Review current initiatives to address those risks (security strategy, if in place).
  • Gap analysis results
1.6 Begin developing SMART goals for your initiative roadmap.
  • SMART goals

Module 2: KPI Development

The Purpose

  • Develop unique KPIs to measure progress against your security goals.

Key Benefits Achieved

  • Learn how to develop KPIs
  • Prioritized list of security goals

Activities: Outputs:
2.1 Continue SMART goal development.
2.2 Sort goals into types.
2.3 Rephrase goals as KPIs and list associated metric(s).
  • KPI Evolution Worksheet
2.4 Continue KPI development.

Module 3: Metrics Prioritization

The Purpose

Determine which metrics will be included in the initial program launch.

Key Benefits Achieved

A set of realistic and manageable goals-based metrics.

Activities: Outputs:
3.1 Lay out prioritization criteria.
3.2 Determine priority metrics (implementation).
  • Prioritized metrics
3.3 Determine priority metrics (improvement & organizational trend).
  • Tool for tracking and presentation

Module 4: Metrics Reporting

The Purpose

Strategize presentation based around metric type to indicate organization’s risk posture.

Key Benefits Achieved

Develop versatile reporting techniques

Activities: Outputs:
4.1 Review metric types and discuss reporting strategies for each.
4.2 Develop a story about risk.
4.3 Discuss the use of KPXs and how to scale for less mature programs.
  • Key Performance Index Tool and presentation materials

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
GET HELP Contact Us
×
VL Methodology