IT Security KPIs

Key performance indicators (KPIs) as a means of monitoring cybersecurity effectiveness.

One of the most important responsibilities that every IT infrastructure manager is called upon to fulfill is quantifying security and reporting on whether it is improving and in which areas.

Simply referring to products operating in the infrastructure is not enough to provide a quantitative and qualitative impression to management or executives. The procurement and use of the best solutions on the market does not necessarily certify that they have been implemented effectively, nor does it provide data on how security evolved over the previous period.

  • How effective is my antivirus solution?
  • What is the trend and effectiveness of this software?
  • Does it reduce incidents and infections per month?
  • What is the number of infections per month and/or per user that I can accept before deciding on changes or improvements?
  • How effective is the cyber training I implement for my users?
  • Do many of them participate?
  • To what extent?
  • Even if all employees participated, did their errors and any infections decrease or increase?
  • If my users' errors increase while I am training them, the training material should obviously be improved or a specialized partner should be used for internal presentations.
  • Is the business continuity policy that I designed and have been implementing for the last 12 months effective and to what extent?
  • With what percentage of coverage did I start 12 months ago for backup and what percentage am I at now?
  • Do I cover 80% or 90% of my critical systems with backup?
  • 6 months ago, did I cover more systems? If so, does the policy require immediate improvement?
  • How many monthly restore tests did I implement in the previous 12 months and how many failed?

Similar measurements are required in any mature infrastructure as it needs to continuously improve and adapt to new threats. The Plan-Do-Check-Act cycle is supported by the necessary measurements (KPIs) at each step as a guide for self-improvement.

Complacent statements such as “We are good at Security”, “We are covered in this area” or “I have antivirus & firewall, I don’t need anything else” are obviously not valid by definition, but to the extent that they are true, they should be accompanied by the appropriate measurements. These should clearly show the direction as evidence for the next steps over the course of 12 months.
