E- Monitoring Responsibilities and Metrics

Question 1

Monitoring Responsibilities

Answer 1

helps an organization confirm that the correct jobs are being carried out in the right way.

Question 2

Some Tools of monitoring

Answer 2

• Controls and internal audit
• Metrics and reporting
• Work measurement
• Performance measurement
• 360 feedback
• Position benchmarking

Question 3

360 feedback

Answer 3

Soliciting structured feedback from peers, subordinates, and management helps subjects and management better understand characteristics related to specific responsibilities.

Question 4

What are metrics

Answer 4

Means through which management can measure key processes and know whether their strategies are working

Question 5

Security Metrics

Answer 5

Security metrics are often used to observe technical IT security controls and processes and to know whether they are operating properly.
They include metrics such as KRIs, KGIs, and KPIs.

Question 6

Key risk indicators (KRIs)

Answer 6

Metrics associated with the measurement of risk.

Question 7

Key Goal Indicator (KGIS)

Answer 7

Metrics that portray the attainment of strategic goals.

Question 8

Key Performance Indicators (KPIs)

Answer 8

Metrics used to show efficiency or effectiveness of security-related activities.

Question 9

When can metrics be effective

Answer 9

They need to be measurable

Question 10

SMART Method

Answer 10

Specific , Measurable, Attainable, Relevant, Timely.

SMART ensures the quality and effectiveness of a Metric.

Question 11

Other consideration for Good metrics

Answer 11

• Leading indicator: Does the metric help management to predict future risk?
• Causal relationship: Does the metric have a defensible causal relationship to a business impact, where a change in the metric compels someone to act?
• Influence: Has the metric influenced decision-making (or will it)?

Question 12

What a security program strategy and objectives should contain?

Answer 12

Statements that can be translated into key measurements - The key performance and risk metrics of the program

Question 13

How do you measure the success of a risk management program

Answer 13

By indirect measurements like improving trends such as:

• Reduction in the number of securities incidents.
• Reduction in the impact of security incidents,
• Reduction in the time to remediation vulnerabilities
• Etc…

Question 14

What should a security program IMPROVING its maturity from low levels should first expect to see

Answer 14

The number of incidents increase.

Question 15

What should a security program that is IMPROVED and matures over time should expect to see

Answer 15

The number of new risks will, at first, increase and then later decrease.

Question 16

What performance measurement metrics of information security provide

Answer 16

A view of tactical security processes and activities.

Question 17

Performance measurement metrics can include

Answer 17

• Time to detect security incidents
• Time to remediate security incidents
• Time to provision user accounts
• Time to deprovision user accounts
• Time to discover vulnerabilities

Question 18

On what value delivery metrics focus on?

Answer 18

On the long-term reduction of cost, in proportion to other measures.

Question 19

Example of value delivery metrics

Answer 19

• Control Used
• Percentage of controls that are effective
• Program costs per asset population or asset value
• Program costs per employee population
• Program costs per revenue.

Question 20

What metrics should be used with caution

Answer 20

Value Delivery Metrics. It should be used in combination with another metrics to avoid wrong metrics results.

Question 21

Resource management metric

Answer 21

Similar to value delivery, but has emphasis is placed on program efficiency.

Question 22

Balanced Scorecard

Answer 22

A management tool that is used to measure the performance, effectiveness and progress of an organization.

Question 23

The Four perspectives of the Balanced Scorecard

Answer 23

1-Finance
2-Customer
3-Internal Processes
4-Innovation and learning

Question 24

Business Model for Information Security (BMIS)

Answer 24

A guide for business-aligned, risk based security governance.

Question 25

Security Balanced Scorecard

Answer 25

Used to specifically measure security organization performance and results.

Question 26

The Four perspectives of the Security Balanced Scorecard

Answer 26

Same as the Balance ScoreCard.
1-Finance
2-Customer 
3-Internal Processes
4-Innovation and learning

Question 27

From where is the security balanced scorecard derived from

Answer 27

From the organization’s overall balanced score card and its IT balanced Scorecard

Question 28

Why is the security balanced scorecard derived from the organization’s overall balanced score card and its IT balanced Scorecard

Answer 28

To ensure that security will align itself with corporate objectives.

Question 29

ROSI ?

When it’s easy to compute it?

Answer 29

Return On Security Investment it easier to be computed for events that occur more frequently.

Question 30

Key in Balanced Score Card

Answer 30

• Financial
• Customer
• Internal process
• Innovation