This document discusses metrics, measures, and myths related to security metrics. It begins by defining some key terms and presenting quotes emphasizing the importance of measurement. It then addresses five common myths about metrics and emphasizes that metrics should be used to identify opportunities and drive improvement, not to punish people. The document outlines characteristics of good metrics and provides examples of security metrics and key performance indicators. It discusses how metrics can be displayed in dashboards and how monitoring transforms data into useful security information and knowledge.
Let’s have a look at today’s main points in the agenda. First of all, we are going to see the power of metrics and how important they are for knowing what is happening in a company and how the enterprise is doing in terms of bottom-line impact. Metrics are the indicators that tell not only management but also the people in day-to-day operations how well they are performing against already established goals and business objectives. As we will see later, there is a way (and a deep need, in my opinion) to align security management with the business.
We will also make a quick overview of what CSFs, KGIs and KPIs are, and of the intimate relationship between them.
As a security practitioner and consultant, I will give you some real examples of KPIs and how they integrate into a balanced scorecard, and I will also talk about a real implementation of a security dashboard at a customer.
Finally, to wrap up, we will see the SMART side of metrics and a quick summary. Let’s go.
Objectives need to be defined
The course is charted
Risks are identified, evaluated and managed
Resources and their criticality and sensitivity are determined
Objectives are:
Strategic alignment
Risk Management
Business process assurance
Value delivery
Resource Management
Performance measurement
It is said that you cannot manage what you cannot measure (and I fully agree with that vision), and my colleague Krag Brotby will give a presentation about it later in the day.
It has to be pointed out that normalization of data is very useful, since you have to be able to compare between departments and divisions, but also with other industry peers. Normalization places all the measures on a similar footing by equalizing them across a common organizational base.
Besides, metrics are rarely raw data but some derivative number (a ratio, index, percentage or weighted average).
Critical to the successful implementation of metrics is the understanding and acceptance that they require an important commitment of time and resources.
Regarding IC, each organization needs to decide how important each attribute is for its business, and this profile expresses the enterprise’s position and appetite for risk.
CSFs were introduced by John F. Rockart in 1979 and are defined as elements that are vital for a strategy to be successful. At another level, they could also be seen as the important things for the process, in this way: “what you need from others” and “what you can do yourself and deliver to others”.
KGIs are a target to achieve, a measure of outcome
We are going to focus today on KPIs, since they are the day-to-day metrics, the ones being monitored constantly.
In this context we need to remember that IT is a major enabler of the business and, therefore, KPIs are a measure of performance.
As you can see in the graphic on the left, KGIs sit just above the generic IT goals and KPIs sit next to the IT processes, showing their area of influence. Consequently, we could define KGIs as “lag” indicators while KPIs could be “lead” indicators. By the way, both measures could also be expressed negatively, showing that the goal has not been reached or that the process is not performing well.
KPIs have a cause-effect relationship with the KGIs of the process.
In summary, KGIs are business-driven while KPIs are process-oriented.
I think that KGIs and KPIs do reflect organizational goals. Once a company has analyzed its mission, identified all its stakeholders and defined its goals, it needs a way to measure progress. KPIs are those measurements. Take into account that some analysts and consultants also call KPIs KSIs (Key Success Indicators), but the former acronym (with a P for performance) is far more common, and it gives the measure a sense of direction and continuous monitoring.
Top-down approach
KPIs are quantifiable measurements, agreed upon beforehand. However, I would like to deviate from the idea that there is a kind of negotiation around KGIs and KPIs. There should be an agreement, but what really matters is the strategy and how a company is going to measure the achievement of the target. In the same way, scaling down to the IT or security department, there should be an agreement (again, not a biased negotiation) on what is needed and on how security brings and adds value to the business (by preventing threats from exploiting a vulnerability better than last month or last year, or by some other measures that we are going to see in a moment).
This takes us to a whole new level of data visualization and integration: dashboards and balanced scorecards. Introduced by Robert Kaplan and David Norton in the early 90s (1992, to be precise), balanced scorecards convert strategy into action by showing, in a single centralized place, all the metrics that executive management needs to make decisions. In fact, not only management but also operational teams and divisional managers are empowered by balanced scorecards, since different views and information are provided depending on the role and profile of the viewer.
The definition of BSCs given by Mr. Kaplan and Mr. Norton is very interesting. Listen for the words: comprehensive view, performance, management tool. A BSC is a method and a management tool for tracking an enterprise’s activities in terms of its vision and strategies by giving managers a fast, comprehensive view of the performance of a business. It is here where we should introduce the 4 different perspectives of a balanced scorecard: financial, customer, internal process and learning/innovation.
Scorecards - the most strategic level of business decision-making, while dashboards work more on the operational side, giving key users metrics of their area of influence.
Level 0 - Non existent
Level 1 - Initial
Level 2 - Repeatable
Level 3 - Defined
Level 4 - Managed
Level 5 - Optimised
“Knowledge resides in the person, not in the data…it is the response and action to information that counts”
We built upon other disciplines like network management, asset management (CMDB) and storage management (backup & contingency plan) so as to provide a single repository of information, and began escalating in what we called “The road to management”.
“You need to know what you have to be able to protect it”
3-layer architecture
We focused a lot on showing a KPI regarding critical operations: which nodes out of 1453 were at risk and, consequently, which operations were being threatened. Remember at this point the definition of risk: the potential that a given threat will exploit a vulnerability with an impact on an asset or group of assets.
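As an added example (not code from the presentation), the following Python turns the two ideas above, normalization of measures across departments of different size and a “nodes at risk” KPI built on the talk’s definition of risk, into working code over a constructed inventory; the department names, node counts, findings and impact weights are all assumed sample values, and the KGI target is illustrative.

```python
"""Normalised security KPIs versus raw counts, over a constructed inventory.

Added example, not code from the presentation. Department names, node
counts, findings and impact weights are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    department: str
    critical: bool     # supports a critical business operation
    vulnerable: bool   # has an open vulnerability
    exposed: bool      # reachable by a credible threat (e.g. internet-facing)


def at_risk(node: Node) -> bool:
    """Risk as defined in the talk: a threat can exploit a vulnerability with
    an impact on an asset. Here: exposed AND vulnerable; the impact side is
    captured separately by the node's criticality."""
    return node.vulnerable and node.exposed


def _department(dept, total, critical, critical_at_risk, other_at_risk, vuln_only):
    """Constructed department: the first nodes are critical, then at-risk
    non-critical nodes, then vulnerable-but-not-exposed nodes, then clean ones."""
    nodes = []
    for i in range(total):
        if i < critical_at_risk or critical <= i < critical + other_at_risk:
            vuln, exp = True, True            # at risk
        elif critical + other_at_risk <= i < critical + other_at_risk + vuln_only:
            vuln, exp = True, False           # vulnerable, no credible threat path
        else:
            vuln, exp = False, False          # clean
        nodes.append(Node(f"{dept}-{i:04d}", dept, i < critical, vuln, exp))
    return nodes


def build_sample_inventory():
    """Two departments of very different size (constructed data)."""
    ops = _department("ops", total=400, critical=40,
                      critical_at_risk=4, other_at_risk=6, vuln_only=30)
    fin = _department("fin", total=20, critical=10,
                      critical_at_risk=4, other_at_risk=1, vuln_only=0)
    return ops + fin


# Relative business impact per department: the organisation's own decision
# on how much each area matters (assumed values).
RISK_WEIGHTS = {"ops": 1.0, "fin": 3.0}


def raw_at_risk_count(nodes, department):
    """The raw number: misleading when departments differ in size."""
    return sum(1 for n in nodes if n.department == department and at_risk(n))


def at_risk_ratio(nodes, department=None, critical_only=False):
    """Derived metric (a ratio), normalised by the size of the population."""
    pool = [n for n in nodes
            if (department is None or n.department == department)
            and (not critical_only or n.critical)]
    if not pool:
        return 0.0
    return sum(1 for n in pool if at_risk(n)) / len(pool)


def weighted_risk_index(nodes, weights):
    """Enterprise-level index: impact-weighted average of the per-department
    ratios of critical nodes at risk."""
    total = sum(weights.values())
    return sum(at_risk_ratio(nodes, d, critical_only=True) * w
               for d, w in weights.items()) / total


def kpi_status(nodes, kgi_target, weights):
    """Lead indicator (KPI per department) checked against the lag
    indicator's target (KGI: the share of critical nodes at risk must not
    exceed kgi_target). Returns {name: (value, target_met)}."""
    report = {}
    for dept in weights:
        value = at_risk_ratio(nodes, dept, critical_only=True)
        report[dept] = (round(value, 4), value <= kgi_target)
    index = weighted_risk_index(nodes, weights)
    report["enterprise"] = (round(index, 4), index <= kgi_target)
    return report


if __name__ == "__main__":
    inv = build_sample_inventory()
    for dept in RISK_WEIGHTS:
        print(f"{dept}: {raw_at_risk_count(inv, dept)} nodes at risk (raw), "
              f"{at_risk_ratio(inv, dept):.1%} of all nodes, "
              f"{at_risk_ratio(inv, dept, critical_only=True):.1%} of critical nodes")
    print(kpi_status(inv, kgi_target=0.15, weights=RISK_WEIGHTS))
```

With this data the raw count ranks ops as the worse department (10 nodes versus 5), while the normalised critical-node ratio shows fin is far worse (40% versus 10%), which is the point of normalising before comparing across the organization.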
(meaning alignment with the business)
(since KPIs are “lead” indicators)
FOCUS