Educause Security Discussion mailing list archives

Re: KPIs in IT Security Policy

From: Les Mitchell <mitchell () USQ EDU AU>
Date: Fri, 18 Mar 2005 15:06:43 +1000

Hi Jarrod,

Not exactly what you are looking for, but have you seen the Corporate
Information Security Working Group: Report of the Best Practices and
Metrics Team (http://www.educause.edu/ir/library/pdf/CSD3661.pdf)

Might be useful for identifying possible KPI.

Regards
Les Mitchell
University of Southern Queensland

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jarrod Loidl
Sent: Friday, 18 March 2005 2:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] KPIs in IT Security Policy

Hi all,

I am doing a review of our IT Security policy framework. As a 
part of a previous review conducted by an external group, we 
were advised that our Security Policies were rather broad in 
the sense we did not have a measurable set of Key Performance 
Indicators (KPIs) to accurately assess the response and 
performance of the IT Security group.

However in doing in a review of some of our competitors 
within Australia I noted that, to the best of my knowledge, 
neither had any of them!

I am curious to know if any of the other universities and 
higher institutions subscribed to this list have developed 
any such KPIs as a part of their IT Security framework, and 
if so could you provide some links and/or insight into how 
they developed said framework and KPIs. If not, perhaps some 
insight as to why none were stated.

Thanks in advance,
--
Jarrod Loidl
IT Security of Infrastructure Services,
Information Technology Services, Monash University - Clayton
Phone: +61 3 99052055    Fax:   +61 3 99054746

**********
Participation and subscription information for this EDUCAUSE 
Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

KPIs in IT Security Policy Jarrod Loidl (Mar 17)
- <Possible follow-ups>
- Re: KPIs in IT Security Policy Les Mitchell (Mar 17)
- Re: KPIs in IT Security Policy Tom Bossie (Mar 18)
- Re: KPIs in IT Security Policy King, Dennis C. (Mar 18)
- Re: KPIs in IT Security Policy Jason Brooks (Mar 18)