KPIs in IT Security Policy

[Jarrod Loidl <jarrod.loidl () ITS MONASH EDU AU>]

Hi all,

I am doing a review of our IT Security policy framework. As a part of a
previous review conducted by an external group, we were advised that
our Security Policies were rather broad in the sense we did not have a
measurable set of Key Performance Indicators (KPIs) to accurately assess
the response and performance of the IT Security group.

However in doing in a review of some of our competitors within Australia
I noted that, to the best of my knowledge, neither had any of them!

I am curious to know if any of the other universities and higher
institutions subscribed to this list have developed any such KPIs as a
part of their IT Security framework, and if so could you provide some
links and/or insight into how they developed said framework and KPIs. If
not, perhaps some insight as to why none were stated.

Thanks in advance,
--
Jarrod Loidl
IT Security of Infrastructure Services,
Information Technology Services, Monash University - Clayton
Phone: +61 3 99052055    Fax:   +61 3 99054746

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.