Getting started with a metrics program
As an information technology security manager, you are tasked with establishing an effective information technology security strategy. Your overarching goal is to improve the quality of services while decreasing the cost of delivery. You have a clear requirement to better understand and communicate your organization's security posture and the efficacy of its policies, programs, and compliance efforts. Security performance metrics are essential to meeting that requirement.

What are Security Performance Metrics and why do I need them?

Security performance metrics are quantitative measurements enriched with business context that provide comprehensive and contextual information on the current state and quality of an organization's security posture. Metrics serve as performance indicators that provide insight into the:

- Effectiveness of information technology security initiatives and programs
- Impact that internal controls have on security and business operation
- Effectiveness of security policies, processes, and procedures
- Assessment of risk associated with resources, assets, and threats
- Compliance with standards, regulations, and governance objectives
Security performance metrics are the most effective way to systematically and consistently measure, analyze, and improve an organization's programs for IT security, compliance, governance, and risk.

How do I use Security Performance Metrics?

Security performance metrics give you insight into the efficiency and effectiveness of your IT security internal controls. Metrics present hard evidence that security controls exist and provide quantitative support for assessing the value of those controls. Well-constructed metrics highlight concentrations of risk and progress toward goal attainment. Metrics offer insight into the impact of investments made in people, processes, and technologies to ensure compliance, implement best practices, and mitigate risk.

To be most effective, metrics must be communicated clearly and unambiguously to a variety of target audiences and within their business context. A scorecard is an ideal medium for communicating the results of a collection of related metrics. Scorecards provide evidence of regular review, analysis, and adjustment of IT security controls. A scorecard illustrates the impact of security internal controls on both the security posture and the business processes of your organization.