|
Metrics management techniques will provide a process for the ISSO to support InfoSec- and CIAPP-related decisions. The ISSO should understand the following points:
Metrics management is an excellent method to track InfoSec functions related to LOE, costs, use of resources, etc.
The information can be analyzed, and results of the analyses can be used to:
Identify areas where efficiency improvements are necessary;
Determine effectiveness of InfoSec functional goals;
Provide input for performance reviews of the InfoSec staff (a more objective approach than subjective performance reviews of today's ISSOs); as well as
Indicate where InfoSec service and support to IWC requires improvement, meets its goals, etc.
|