Performance and risk indicators are essential business measurements that make a significant difference to how organizations are governed.
Measurements provide insight into the way an organizational system operates, using metrics that are translated into KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators).
They are critical to the measurement and monitoring of risk and performance optimization.
When metrics measure the achievement of the desired state, they become performance indicators.
These metrics help in effectively reporting risk management performance results.
When they provide early warnings of increased risk exposure in certain areas, they become key risk indicators.

Benefits of Effective Risk Metrics
Enable regular review of risk trends and better visibility of technology risk and vulnerabilities.
Enable increased accountability and improved technology risk management effectiveness.
Assist in management review and provide decision indicators for continual improvement of technology risk management.
Provide inputs for prioritizing resource allocation decisions.
Assist in streamlining risk communications.
Contribute to overall cost savings and increased risk management efficiency.

A KPI measures the performance of any operational function, cybersecurity or otherwise.
KPIs establish and demonstrate how effectively an organizational function is performing.
Did the organization achieve its established goals, exceed them, or miss them? If the goals were missed or exceeded, the KPI also highlights by how much.
One needs to identify a few critical KPIs for a specific project, task, or process.
A KPI expresses the achievement of the desired level of results.
KPIs are a quantitative measure highlighting the success or failure of target goal achievement.
KRIs are predictors of unfavorable events that can negatively affect the organization.
They monitor changes in the levels of risk exposure and contribute to the early warning signs that enable organizations to report risks, prevent crises and mitigate them in time.
A KRI measures the risk associated with the accomplishment of a specific project, task, or process.
KRIs are established to quantify and proactively monitor the level of risk.
They highlight when “The Risk” of a project, task, or process has stepped out of our comfort zone; in technical terms, this is referred to as the “out of your risk-appetite” boundary.
They act as metrics of changes in an organization’s risk profile. They are critical to the measurement and monitoring of risk and performance optimization.
A KRI ensures that risks are identified, monitored, and remediated before they become a mess.
It plays an influential role in risk management.
It provides visibility into the organization’s risk and control environment and processes.
KRIs are typically measurable.
They can be quantified in terms of percentages or numbers.
They are predictable and are often used as early warning signals.
They impact organizational achievements and objectives.
KRIs are informative and act as a catalyst for decision making.
Number of system backup failures – Upgraded software can result in backup failures.
Number of active database administrator accounts – Default admin accounts mean that if an event occurs, it isn’t possible to point back to an individual.
Number of applications in the organization without a service level agreement (SLA) – You may be engaging with a high-risk vendor if there is no SLA. They aren’t obligated to adhere to your regulation, thereby interrupting your business.
Number of concurrent systems using the same login – It shows that the employee has shared their login credentials with unauthorized individuals.

Features to Identify, Select and Design Effective KRIs
Early warning sensors – Signal changes in risk: an increase in the probability or in the impact, before the risk materializes.
Must address risks, not events – KRIs are metrics capturing risk drivers or proxies of these risk drivers.
Specific to each activity – Specific to each risk, and to the specific weaknesses and culture of different institutions.
Best identified via data analysis and experience – Business experience complements the lack of data. Data analysis: to confirm business intuition, and uncover other effects.
May need heavy data collection – There is a trade-off between the value of the information collected and its cost of collection. Better if automated.
Must be easy to use and timely – Should match the cycle of the activity.
Must help business decisions – The rules of reporting apply to KRIs: only keep reports that do influence business decisions.
Thresholds linked to risk appetite – Typically, lower threshold for core business (low risk), but not always. 100% (or about) target reliability does not mean 100% for all indicators, but only so collectively.
Must be back-tested for validity – How do you know it works? An essential question in risk management.

Breakout Session
1. What is a KRI?
2. Kindly state KPI.
3. Kindly state the characteristic features of KRIs.
4. What is the purpose of a KRI?
Thank You!!!
Contact us: info@skillweed.com

Cyber metrics for KPIs and KRIs to measure risks and highlight trends


Editor's Notes

  1. 1 minute: Welcome to the Governance Risk and Compliance course. I’m Akin (give credentials) and I’ll be your instructor for this course. -Describe purpose & benefits of course Ok, let’s get started.