if you can get hold on the ISO 27004 document, it is a good guideline on how to
establish KPIs based on the BS7799 standard
Muhamand Wilkes <m_wilkes@hotmail.com> wrote:
Number of Confirmed Incidents is a good metric, and a compliance percentage
against the latest (or most common) vulnerabilities is another.
Muhamand Wilkes
CENTCOM 160th Sig BDE IAD (Contractor)
"That boy was a genius, booked the number wit out paper or pencil."
-Richard Pryor
---------------------------------
From: "Salaets, Steven" <steven.salaets@windriver.com>
To: <security-management@securityfocus.com>
Subject: Key Performance Indicators Information Security
Date: Sat, 3 Jun 2006 22:48:31 -0700
MIME-Version: 1.0
Received: from outgoing.securityfocus.com ([205.206.231.26]) by
bay0-mc9-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Jun
2006 17:17:32 -0700
Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via
smtpd (for bay0-mc9-f.bay0.hotmail.com [65.54.245.8]) with ESMTP; Tue, 6 Jun
2006 17:10:53 -0700
Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])by outgoing2.securityfocus.com (Postfix) with SMTP id
351C514F74Cfor <m_wilkes@hotmail.com>; Tue, 6 Jun 2006 17:45:28 -0600 (MDT)
Received: (qmail 11757 invoked by alias); 7 Jun 2006 01:03:01 -0000
Received: (qmail 11894 invoked from network); 4 Jun 2006 06:37:49 -0000
All,
I am currently establishing a set of key performance indicators for our
security office and while looking around for general practices etc I get
the impression there is not much available out there. (or did I look in
the wrong places? ) Anybody has some feedback or online resources on
KPI's within Information Security?
-steven
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
