KPI Dictionary ABRIDGED SAMPLE. A KPI Reference Guide for Use in Performance Management. Information Technology (IT)

Transcription

1 KPI Dictionary Information Technology (IT) A KPI Reference Guide for Use in Performance Management ABRIDGED SAMPLE Do you need a customized KPI Dictionary for your organization? Contact us - we're ready to help. Call: info@opsdog.com Prepared for J. Smith

2 Table of Contents Information Technology (IT): KPI Dictionary SAMPLE Data Dictionary Legend Information Technology (IT) - KPI Reference A. Information Security B. Desktop Support # C. Application Development # D. Application Management # E. Infrastructure Management # F. IT Procurement # G. IT Project Management # This content may not be copied, distributed, republished, uploaded, posted or transmitted in any way without the prior written consent of OpsDog, Inc. 1

3 Data Dictionary Legend How to Use & Interpret This Data Dictionary SAMPLE = Data Available for Benchmarking A unique identifier for the KPI. The title of the KPI. The organizational area that the KPI is most closely related to. A concise definition for the KPI. Indicates the broad operational focus on the KPI. Indicates whether a high or low value for the KPI suggests high performance. Reasoning related to why the KPI should be implemented and monitored. Rules related to correctly calculating a numeric value for the KPI. The mathematical formula that should be used to derive the KPI. A1 Mean Time to Incident Detection The average amount of time (measured in minutes) required for the network administrator to detect a security incident from the time that the incident occurs until the time that the security incident is detected by the network administrator. Directional Significance: Low is Best This metric measures the risks associated with undetected security incidents by an organization's network administrator. When a security incident is undetected, the network administrator cannot take any action to block the threat or mitigate any damage that the security incident has already incurred. The point in time of two events are used to derive the mean time to detect a security incident: (1) the time the security incident occurs, and (2) the time that the security incident is detected by the network administrator. A security incident should be considered an event that alters the integrity, privacy, or availability of an electronic resource in a manner outside of the original IT system specifications. Vectors of security incidents include, but are not limited to, hacking, execution of malicious code, social engineering, network intrusion, and credential theft. An incident may be actively reported (e.g. by a third-party security service), or passively discovered through regularly scheduled system audits. (Sum of Time to Detect a Security Incident / Total Number of Security Incidents Detected) 2

4 SAMPLE Information Technology (IT) Information Technology (IT) A. Information Security B. Desktop Support C. Application Development D. Application Management E. Infrastructure Management F. IT Procurement G. IT Project Management KPIs Included: A1. Mean Time to Incident Detection A2. Time Between Security Incidents A3. Mean Time to First Exploit A4. Percentage of Security Incidents Detected by Perimeter Security Measures A5. Security Incident False Positive Rate A6. Number of Repeating Security Incidents A7. Number of Security Incidents Related to Recent Releases A8. Number of Instances of Unusual Outbound Network Traffic in Last 7 Days A9. Number of Known Vulnerabilities Outstanding A10. Percentage of User Accounts with Access to Sensitive Data A11. Number of Rogue Access Points Identified A12. Percentage of Systems With Monitored Event and Activity Logs 3

5 SAMPLE Information Security Information Technology (IT): KPI Dictionary = Data Available for Benchmarking A1 Mean Time to Incident Detection The average amount of time (measured in minutes) required for the network administrator to detect a security incident from the time that the incident occurs until the time that the security incident is detected by the network administrator. Directional Significance: Low is Best This metric measures the risks associated with undetected security incidents by an organization's network administrator. When a security incident is undetected, the network administrator cannot take any action to block the threat or mitigate any damage that the security incident has already incurred. The point in time of two events are used to derive the mean time to detect a security incident: (1) the time the security incident occurs, and (2) the time that the security incident is detected by the network administrator. A security incident should be considered an event that alters the integrity, privacy, or availability of an electronic resource in a manner outside of the original IT system specifications. Vectors of security incidents include, but are not limited to, hacking, execution of malicious code, social engineering, network intrusion, and credential theft. An incident may be actively reported (e.g. by a third-party security service), or passively discovered through regularly scheduled system audits. (Sum of Time to Detect a Security Incident / Total Number of Security Incidents Detected) A2 Mean Time Between Security Incidents The average amount of time (measured in days) elapsed between system security incidents, measured from the moment the security incident is detected, until the time that the following security incident is detected. (includes the time required to run any security patches and system updates after the first incident). Directional Significance: High is Best This metric measures the average change in system security following a security patch or other update. For instance, a shorter Mean Time Between Security Incidents might indicate that over a number of incidents, previously installed security patches were either ineffective, or opened the system up to new security risks. The calendar dates of two events are used to derive time between incidents: (1) the time that the system being examined experienced the first security incident, and (2) the time that the next incident of the same system occurred. Time between security incidents is the difference of these two calendar dates. A security incident should be considered an event that alters the integrity, privacy, or availability of an electronic resource in a manner outside of the original IT system specifications. Vectors of security incidents include, but are not limited to, hacking, execution of malicious code, social engineering, network intrusion, and credential theft. An incident may be actively reported (e.g. by a third-party security service), or passively discovered through regularly scheduled system audits. (Sum of time between security incidents for all systems) / (Number of security incidents that occurred during examination period across all support systems - 1) 4