Key Performance Indicators
Being able to measure IT security processes is an important requirement for quality management in IT security. Key Performance Indicators (KPIs) enable managers to measure IT security. KPIs are made up of indicators that measure the degree to which key objectives are met.
KPIs Taking Patch Management Processes as an Example
Evaluation of patch management processes using key performance indicators has now been implemented for the first time in AMPEG Security Lighthouse. Based on these KPIs, the Security Management team sees the average duration of the patch rollout in a single view. If the whole rollout process takes too long, the risk of not being sufficiently protected in the event of manipulation increases.
KPI Rollout Time for Patch Management
Rollout Time Release (RTR) indicates how long a company remains inadequately protected after a patch is released.
The Impact of Improvement Measures Is Made Visible
As the chart shows, the average rollout period in July 2009, from the time of publication to the end of the installation process, was 111.54 days.
Security Level Management - A Measurable Added Value
Employing KPIs allows critical weak points in distribution processes to be identified and optimization measures to be initiated in a targeted manner. The introduction of security level management, and the improvement measures derived from it, allowed the rollout time from release until the end of installation to be reduced to 19.08 days between July 2009 and May 2010, and the residual risk to be minimised.