What are the key indicators to evaluate your organisation’s information-security level and reduce risks? Learn what indicators to monitor, how to deploy an information-security dashboard (TDBSSI), automate analysis and more. Concrete examples and best practices to guarantee optimal data protection and reach your information-security goals.
Information-security professionals know tracking the most relevant indicators can make all the difference between good data protection and heightened vulnerability. Feeling lost in an endless ocean of security information? This guide lets you understand what to look for, and provides the tools to analyse results quickly and take action to improve data protection.
Information-security indicators
Information-security indicators are measurements that let CISOs and CIOs evaluate information-system security levels. They monitor policy effectiveness, identify vulnerabilities and drive actions to improve data protection.
Main information-security indicators
Main indicators include vulnerability rate, data protection, incident recovery time, daily attack counts and security-tool usage rate. They evaluate security-policy effectiveness and identify potential risks.
Data sources to consider
Sources: activity logs, monitoring tools, compliance reports. CISOs and CIOs must analyse these to identify trends and determine whether the system is adequately protected against threats.
Key numbers to watch
- Vulnerability rate: total vulnerabilities vs. total applications
- Data-protection rate: total breaches vs. total users
- Mean incident-recovery time: average time to recover a system after an attack
Evaluating indicator impact on information-system security
Once indicators are identified, CISOs and CIOs must evaluate their impact on information-system safety.
Assessing indicator impact
Analyse collected data to determine if the system is adequately protected. Also monitor risks and threats and take measures to reduce them.
Risks and threats to monitor
- DDoS attacks
- Data loss or theft
- Unauthorised system access
- Fraudulent data manipulation
- File corruption
Measures to avoid risks
Deploy strict security policies, train staff, monitor threats permanently. Deploy monitoring tools to detect suspicious activity and remediate immediately.
Other aspects
Consider level of indicator-monitoring automation. Full automation reduces monitoring time and quickly identifies any potential problem.
Automating the indicator-tracking process
Once indicators are identified, automate the tracking process to improve system efficiency.
Automating indicator tracking
Automation can be done via an information-system security dashboard (TDBSSI) — a tool to collect, store, analyse and display all security-indicator data.
Building a dashboard
Define clear, specific objectives. Collect relevant data from appropriate sources and analyse to identify trends and take improvement actions.
Available automation tools and systems
Splunk, LogRhythm, IBM QRadar, AlienVault USM, McAfee Enterprise Security Manager.
Plan for monitoring information-security indicators
CISOs and CIOs must draft a detailed plan: list of indicators, description of data sources, automation approach, and actions to take if a problem arises.
Examples of indicator use in organisations
Many companies monitor information-security indicators. Example: a company tracks its vulnerability rate to verify all apps are adequately protected.
Another tracks its data-protection rate to verify all employees respect information-security policies.
