The SSI dashboard is an essential management tool for the CISO. Whether used for operational, coordination, or strategic purposes, it allows you to view the security status of the information system and measure the gap between the company's ISSP (information system security policy) and the reality on the ground.
Your IT system is constantly evolving, and as a CISO, you need to make quick and informed decisions. This raises several questions.
- Do you have the right indicators to do this?
- Is the data you have relevant, objective, and understandable?
- Have you integrated all the equipment present in your infrastructure?
- Do you have the right indicators at your fingertips to make decisions about your company's security?
In this article, discover five examples of performance indicators to include in your SSI dashboard.
What is a good SSI performance indicator?
First, let's agree on the concept of an indicator. According to ANSSI, a key performance indicator (KPI) is "statistical data combining the measurement of one or more key points and used in comparison with historical data, target value(s), and/or threshold value(s)." Put simply, a performance indicator allows you to track the progress of an activity or the results of actions based on historical data. Through comparisons and thresholds, it provides the CISO with a decision-making tool.
SSI indicators are generally derived from the ISSP (Information Systems Security Policy) implemented within the organization. In particular, they follow security objectives related to:
- a risk analysis;
- security measures resulting from an action plan;
- legal obligations or compliance with standards and certifications.
Each company therefore defines its KPIs according to its needs, objectives, and resources in order to measure the effectiveness of its IT security.
"To make informed decisions, it is essential to choose the right SSI indicators. Beyond that, it is the visualization of this KPI that must enable the CISO to assess the situation at a glance."
Baptiste David, Head of PreSales & Delivery, Tenacy
The indicators provide the CISO with a multi-level view.
- At a strategic level, indicators enable the implementation of the ISSP to be monitored.
- In terms of management, according to ANSSI, they enable "monitoring of the achievement of objectives and improvement of service quality."
- In terms of operations, performance indicators are used to measure production status, requirements, and the technical resources to be deployed.
In their performance dashboard, CISOs can visualize the status of their information system in summary form. This is an indispensable tool for clearly presenting the situation to both management and operational teams. The purpose of a key information security performance indicator is therefore to facilitate decision-making at all levels.
The deployment rate of security patches and fixes by application
The first key indicator on this list concerns measuring the vulnerability of your IT infrastructure. Patch management involves searching for software and operating systems on workstations and servers that have not been updated.
With cyberattacks on the rise, it is essential to minimize the risk of security breaches and vulnerabilities in your information system. In 2017, the WannaCry ransomware exploited a security flaw in Microsoft Windows' SMB v1 protocol and infected more than 250,000 systems worldwide. This is why keeping IT equipment up to date is essential for the CISO and their company.
Everyone is aware of the issue, but are you up to date with implementing fixes? Are they supported by your equipment? Monitoring a vulnerability indicator such as the deployment rate of patches and/or security fixes per application allows you to truly gauge the state of your IT infrastructure. Tracking this data over time enables you to make the necessary decisions to reduce the risk of cyberattacks via unpatched security vulnerabilities.
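To make the indicator concrete, here is an added example (not code from the original article or from Tenacy) that computes the deployment rate of required versions per application from a constructed inventory and compares it with a target and an alert threshold, as the ANSSI definition of a KPI expects. The inventory rows, the 95 % target and the 80 % threshold are all assumptions made for the example.

```python
"""Patch deployment rate per application, compared with a target and a threshold.

Added example; the inventory, target and threshold below are constructed values.
"""
from __future__ import annotations

from collections import defaultdict

# Constructed sample inventory: one row per (host, application, installed
# version, required version). A host counts as patched for an application
# when its installed version is at least the required one.
INVENTORY = [
    ("ws-01", "browser", "118.0.2", "118.0.2"),
    ("ws-02", "browser", "117.0.0", "118.0.2"),
    ("ws-03", "browser", "118.0.2", "118.0.2"),
    ("srv-01", "vpn-client", "4.2.1", "4.2.1"),
    ("srv-02", "vpn-client", "4.1.9", "4.2.1"),
    ("srv-03", "vpn-client", "4.2.1", "4.2.1"),
    ("srv-04", "vpn-client", "4.2.1", "4.2.1"),
    ("srv-05", "vpn-client", "4.2.1", "4.2.1"),
    ("ws-01", "pdf-reader", "10.3", "10.3"),
]

# Assumed KPI parameters: deployment target and the threshold below which
# an application is flagged for action.
TARGET = 0.95
THRESHOLD = 0.80


def version_tuple(version: str) -> tuple[int, ...]:
    """'4.2.1' -> (4, 2, 1), so that '10.0' compares greater than '9.9'."""
    return tuple(int(part) for part in version.split("."))


def is_patched(installed: str, required: str) -> bool:
    """True when the installed version meets or exceeds the required one."""
    return version_tuple(installed) >= version_tuple(required)


def deployment_rate(inventory) -> dict[str, float]:
    """Fraction of hosts per application that run the required version."""
    patched: dict[str, int] = defaultdict(int)
    total: dict[str, int] = defaultdict(int)
    for _host, app, installed, required in inventory:
        total[app] += 1
        if is_patched(installed, required):
            patched[app] += 1
    return {app: patched[app] / total[app] for app in total}


def status(rate: float) -> str:
    """Compare the measurement with the target and the alert threshold."""
    if rate >= TARGET:
        return "on target"
    if rate >= THRESHOLD:
        return "below target"
    return "alert"


def kpi_report(inventory) -> dict[str, tuple[float, str]]:
    """Per-application (rate, status) pairs, ready for a dashboard."""
    return {app: (rate, status(rate)) for app, rate in deployment_rate(inventory).items()}


if __name__ == "__main__":
    for app, (rate, state) in sorted(kpi_report(INVENTORY).items()):
        print(f"{app:12s} {rate:6.1%}  {state}")
```

Versions are compared as integer tuples rather than as strings, which is the usual mistake when this rate is computed in a spreadsheet; a tracked series of `kpi_report` results over time is what gives the trend the article recommends monitoring.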
The volume of activities performed by your EDR agents on the IT infrastructure
The second metric to track in a dashboard dedicated to the security of your IT system concerns workstation protection. With the advent of EDR agents, security teams now have access to a set of logs and alerts for each workstation. By analyzing the protection coverage of your EDR agents, you will certainly be surprised to discover the actual number of missing, obsolete, and misconfigured installations.
Monitoring the threat volume seen by the agents also allows you to identify which teams in your company cybercriminals are targeting, and thus take corrective action.
Did you know that 380,000 new malicious files[1] are identified every day? Ransomware attacks, fileless malware, hijacked RDP access, lateral movement... there are many threats targeting workstations.
By analyzing the activity of your EDR agents, you have the ability to respond in the event of an attack on one of your machines and thus avoid paralysis of your infrastructure.
The volume of processes launched by a super administrator
The third key indicator concerns the measurement of privileged access. System administrators are a prime target for cyber attackers, as they enable access to and management of IT resources. According to CyberArk, a publisher specializing in privileged access management (PAM), 79% of companies have experienced an identity-related breach in the last two years.
So who is the administrator of what? Conduct periodic reviews of privileged accounts and monitor changes in the volume of processes launched with root user privileges. This will allow you to monitor activity while avoiding leaving any entry points open for hackers.
Knowledge of this indicator contributes to the assessment of IS security and its level of risk. It allows the justification of access to be analyzed and risky situations to be rectified by removing inappropriate or obsolete access.
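The following added example (not code from the original article or from Tenacy) shows one way to turn the root-process volume into a KPI with a historical comparison: it counts processes started with uid 0 per host and day from constructed, simplified log lines and flags any day whose count exceeds a multiple of the host's earlier median. The line format, the hosts, the counts and the deviation factor are all assumptions for the example; real audit or EDR records would need their own parser.

```python
"""Volume of processes launched with root (uid 0) privileges, per host and day,
compared with each host's own history.

Added example; the log format and the data below are constructed, not the
output of any real tool.
"""
from __future__ import annotations

import re
import statistics
from collections import defaultdict

# Constructed line format: "<ISO timestamp> host=<name> uid=<n> comm=<command>".
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ host=(?P<host>\S+) uid=(?P<uid>\d+) comm=(?P<comm>\S+)$"
)


def _constructed_lines(day: str, host: str, root_count: int, user_count: int) -> list[str]:
    """Build constructed sample lines for one host and day (sample data only)."""
    root = [f"{day}T{8 + i:02d}:00:00 host={host} uid=0 comm=cron" for i in range(root_count)]
    users = [f"{day}T{9 + i:02d}:15:00 host={host} uid=1001 comm=bash" for i in range(user_count)]
    return root + users


# Constructed sample: srv-01 is steady; srv-02 triples its root-process volume on day 3.
LOG_LINES = (
    _constructed_lines("2024-05-01", "srv-01", 4, 3)
    + _constructed_lines("2024-05-02", "srv-01", 5, 3)
    + _constructed_lines("2024-05-03", "srv-01", 4, 2)
    + _constructed_lines("2024-05-01", "srv-02", 3, 5)
    + _constructed_lines("2024-05-02", "srv-02", 3, 4)
    + _constructed_lines("2024-05-03", "srv-02", 9, 4)
    + ["garbled line that the parser must skip"]
)


def parse(line: str) -> dict | None:
    """Return the fields of one line, or None when the line does not match."""
    match = LINE_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    rec["uid"] = int(rec["uid"])
    return rec


def root_process_counts(lines) -> dict[tuple[str, str], int]:
    """Number of uid-0 process starts per (host, day); unparsable lines are ignored."""
    counts: dict[tuple[str, str], int] = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is not None and rec["uid"] == 0:
            counts[(rec["host"], rec["day"])] += 1
    return dict(counts)


def flag_deviations(counts, factor: float = 2.0, min_history: int = 2) -> dict[tuple[str, str], str]:
    """Flag (host, day) pairs whose count exceeds factor x the median of the host's earlier days.

    A baseline is only formed once min_history earlier days exist for the host.
    """
    per_host: dict[str, list[tuple[str, int]]] = defaultdict(list)
    for (host, day), n in sorted(counts.items()):  # sorted => chronological per host
        per_host[host].append((day, n))
    findings: dict[tuple[str, str], str] = {}
    for host, series in per_host.items():
        history: list[int] = []
        for day, n in series:
            if len(history) >= min_history:
                baseline = statistics.median(history)
                if n > factor * baseline:
                    findings[(host, day)] = f"{n} root processes vs baseline {baseline:g}"
            history.append(n)
    return findings


if __name__ == "__main__":
    daily = root_process_counts(LOG_LINES)
    for (host, day), n in sorted(daily.items()):
        print(f"{day} {host:8s} root processes: {n}")
    for key, message in flag_deviations(daily).items():
        print("DEVIATION", key, message)
```

The comparison is per host against its own median, so a server that legitimately runs many root jobs does not mask a spike on a quiet one; the flagged day is a prompt for the access review the article describes, not a verdict on its own.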
The volume of connections via MFA
A fourth piece of data that is essential for the CISO to manage the security of their IS is measuring connection security. Enabling multi-factor authentication or MFA (also known as two-factor authentication, 2FA) is a key measure for protecting user network access.
To access an application, online account, or VPN, users must provide at least two factors of identity verification. After entering their username and password, access remains locked and requires a second, one-time password (OTP) received via a second email address, SMS, or an application that generates one-time codes such as Google Authenticator, Microsoft Authenticator, and Twilio Authy. Identification factors can also be biometric, using the user's fingerprint, retinal scan, or facial recognition.
The level of training of employees
The fifth KPI concerns measuring the level of employee training in cyber risks. According to a study by U-Secure, an expert publisher in user awareness of cyber attacks, 85% of data breaches involve the human element. The need to raise user awareness is therefore clear.
But how can you be sure that your employees have really understood the dangers and haven't just listened distractedly during the last cyber training session? If you track participation rates for cyber risk and threat awareness training, are you sure you're tracking the right indicator? Would an excellent participation rate guarantee that users would respond appropriately in the event of an attack?
Instead, monitor your users' click-through rate during a fake phishing campaign! The higher your rate, the greater the need for awareness-raising efforts among your employees. You will have the visibility you need to implement new preventive measures. By tracking changes in this click-through rate, you will have a true measure of your users' awareness and, therefore, a measure of your performance!
As you have seen, defining relevant indicators is essential for gaining a clear overview of your IT system's security. Your next step, and not the least important one, will be to determine how you are going to easily collect and aggregate your data. Choosing indicators, implementation, performance monitoring... To help you, Tenacy provides you with customized IT security dashboards based on measurable and relevant indicators. Opening your eyes is the first step to protecting yourself!