The SSI dashboard is an essential management tool for CISOs. Whether it's used for operational, coordination or strategic purposes, it enables you to visualize the state of information system security and measure the gap between the company's ISSP (information system security policy) and the reality on the ground.
Your information system is constantly evolving, and as CISO you need to make quick, well-informed decisions. This raises a number of questions.
- Do you have the right indicators to do this?
- Is your data relevant, objective and understandable?
- Have you integrated all the equipment on your infrastructure?
- Do you have the right indicators in front of you to make decisions about your company's security?
In this article, discover 5 examples of performance indicators to include in your SSI dashboard.
What is an SSI performance indicator?
To begin with, let's agree on the concept of an indicator. According to ANSSI, a performance indicator (or KPI, Key Performance Indicator) is "statistical data combining the measurement of one or more key points and used in comparison with a history, target value(s) and/or threshold value(s)". In simpler terms, performance indicators enable you to track the evolution of an activity or the results of actions based on historical data. Through comparisons and thresholds, they provide a decision-making tool for CISOs.
SSI indicators are generally derived from the ISSP (Information Systems Security Policy) set up within the organization. In particular, they track security objectives related to:
- a risk analysis;
- security actions based on an action plan;
- legal obligations or compliance with standards and certifications.
Each company defines its KPIs according to its needs, objectives and resources, to measure the effectiveness of IS security.