Based on what you have read, consider the following questions and how you would reply to them:
Do you use formal metrics management techniques?
If not, why not?
If so, are they used to brief management?
Is each of your InfoSec functions documented not only in work instructions but also in process flowcharts?
Do you use similar charts to document the InfoSec functional LOE?
What other charts would you develop for each of the ISSO functions?
Do you have at least one metrics chart to track costs of each InfoSec function?
How would you use metrics management charts to justify your budget requests?
How would you use metrics management charts to justify the number of your staff?
How many charts, by function and description, would you want to use as an ISSO?