Metrics Manager provides visual reports to demonstrate actual vs. expected progress for category roll-ups and individual metrics. Metrics Manager leverages target-based metrics to drive decisions on acceptable control performance at a point in time.
Communicating business relevant security metrics is difficult for the best security teams. The first challenge is to transform technical statistics into meaningful metrics that inform decisions and relate to business outcomes. The second challenge is to present and communicate metrics in consistent and compelling visuals to enable decisions to adjust target values or change control owners' priorities to improve performance.
The above challenges inspired us to develop Metric Manager. To help select business relevant metrics, Metrics Manager contains a repository to reduce the time to define metrics. Metrics Manager provides a visual data entry screen to organize and document current metric values and targets. Data can also be uploaded from spreadsheets. Metrics Manager automatically generates the Master Security Index, an overall roll up of individual metrics to communicate the trend of information security to business and IT stakeholders.
For metrics that measure multiple control owners e.g. corporate vs. subsidiary, series can be defined for each metric. Nothing gets attention like competition.
- Reduced metric definition time.
- Consistent data entry for metric values and targets.
- Compelling Visuals: communicate actual to expected progress for individual metrics. Plus, demonstrate the overall trend of security through the Master Security Index.
Metrics Manager Overview
Metrics Manager distills the process of defining, managing, and communicating metric information into three steps:
- Define metrics
- Manage data
- Generate reports
Metrics Manager includes a metric repository, reducing the time and effort to define business relevant metrics.
Define baselines, enter actual values, and define expected targets over time. The target represents acceptable control performance at that point in time.
Metrics Manager provides visual reports to demonstrate actual vs. expected progress for metric categories and individual metrics. Metric Manager also includes the Master Security Index, a weighted average roll up across metric categories to communicate the overall trend of information security for stakeholders.
Reporting can also be organized by an individual series to communicate performance across control owners. Competition is a great motivator.