Metrics Analysis


As part of the year-end review, the ISSO did a complete analysis of the metrics charts that had been developed and used throughout the first year of the CIAPP.

The ISSO noted that the charts had grown to more than 47 separate metrics charts. The ISSO was concerned that some of the charts had outlived their usefulness, while others continued to be of value, and possibly some new charts were needed.

The analysis of the metrics charts indicated that several of the charts had been necessary to track particular problem areas. However, some of the problems appeared to have been resolved, and the metrics charts for the previous 4 months had supported that view.

Some metrics charts had been developed and briefed periodically to management because certain managers wanted to know, from time to time, the amount of LOE being used to support specific tasks. The ISSO decided to identify those charts to the interested managers and gain their approval to eliminate them, as it appeared the information provided had met their needs. If not, it might be possible to provide that information to management on an annual or semiannual basis instead of the current monthly or quarterly report. The final decision should be made by the ISSO's customer.

The ISSO took all the metrics charts and identified them by their objectives—in other words, their purpose for being developed and used. Those would also be linked to specific areas that support the IWC CIAPP and InfoSec organizational plans. The ISSO wanted to be sure that the metrics used to help manage the CIAPP and the InfoSec organization met the needs of the CIAPP, of management, and of the InfoSec organization.

The ISSO knew that metrics charts tend to increase in number and sometimes seem to take on a life of their own. The ISSO was concerned that the time it took to track specific LOEs and projects using metrics was sometimes not cost-effective. By identifying the charts against their purpose in a matrix, the ISSO found that it was easy to analyze the metrics charts and their purpose (Figure 10.2).

[Matrix: the columns are the chart identifications (Chart #1, Chart #2, Chart #3, Chart #4, Etc.); the rows are the purposes (Cost, Schedule, Brief Mgt., Brief Cust., LOE Drvrs., Etc.); an X marks each purpose that a chart serves.]


Figure 10.2: An example of a matrix chart to be used to evaluate metrics charts, based on the charts' purposes.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204
