Re: KPIs in IT Security Policy

["King, Dennis C." <dck22 () ALFRED EDU>]

It downloaded fine for me.  Tom, if you continue to have problems, email me
and I will send you a copy.

Dennis

Dennis C King, MBA, CISSP
Information Security Officer
Alfred University, Herrick Library
One Saxon Drive, Alfred, NY 14802
email: dck22 () alfred edu - phone: 607.871.2379


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tom Bossie
Sent: Friday, March 18, 2005 8:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] KPIs in IT Security Policy

I tried to download the KPI file reference below and got "file damaged and
cannot be repaired" adobe message. Anyone else experience this?
Thx.
Tom

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Les Mitchell
Sent: Friday, March 18, 2005 12:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] KPIs in IT Security Policy

Hi Jarrod,

Not exactly what you are looking for, but have you seen the Corporate
Information Security Working Group: Report of the Best Practices and Metrics
Team (http://www.educause.edu/ir/library/pdf/CSD3661.pdf)

Might be useful for identifying possible KPI.

Regards
Les Mitchell
University of Southern Queensland

> -----Original Message-----
> From: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jarrod Loidl
> Sent: Friday, 18 March 2005 2:32 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] KPIs in IT Security Policy
>
>
> Hi all,
>
> I am doing a review of our IT Security policy framework. As a part of
> a previous review conducted by an external group, we were advised that
> our Security Policies were rather broad in the sense we did not have a
> measurable set of Key Performance Indicators (KPIs) to accurately
> assess the response and performance of the IT Security group.
>
> However in doing in a review of some of our competitors within
> Australia I noted that, to the best of my knowledge, neither had any
> of them!
>
> I am curious to know if any of the other universities and higher
> institutions subscribed to this list have developed any such KPIs as a
> part of their IT Security framework, and if so could you provide some
> links and/or insight into how they developed said framework and KPIs.
> If not, perhaps some insight as to why none were stated.
>
> Thanks in advance,
> --
> Jarrod Loidl
> IT Security of Infrastructure Services, Information Technology
> Services, Monash University - Clayton
> Phone: +61 3 99052055    Fax:   +61 3 99054746
>
> **********
> Participation and subscription information for this EDUCAUSE
> Discussion Group discussion list can be found at
> http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: smime.p7s
Description: