IT Security
The main goal of IT-security-related processes is to guarantee the safety of IT, protecting it from unauthorized access, use, disclosure, modification, or destruction. Implementing IT security is not an option anymore; it is a necessity.
The following metrics are just a few examples taken from our extensive library; they will allow you to choose the most appropriate ones to measure and analyze the security controls that protect IT assets.
- % Applications Security Compliant - the percentage of applications managed and supported by IT that are compliant with IT security standards. This involves compliance with authentication mechanism standards, architecture, password policies, and access control standards.
- Percentage of Desktops with Firewall Protection - the percentage of desktops (PCs, laptops, notebooks, and so on) in an IT environment that have firewall protection installed and enabled.
- Percentage of Servers Without Password Policy - this metric shows the percentage of servers that do not have a password policy implemented. A password policy is a clearly defined set of rules that dictate how passwords should be established and maintained. All servers, including development, staging, and production, should adhere to a corporate password policy in alignment with corporate security standards.
- Remote Connection Intrusion Attempts - the number of remote connection intrusion attempts detected over a selected time period. A remote connection intrusion attempt can be defined as an attempt by an unauthorized user, or device, to access a corporate network. Many organizations suffer a large volume of such attempts; Microsoft estimates it has 100,000 per month.
- Percentage of Virus Patch Release Within Target - the percentage of new virus patch releases that are implemented in the IT infrastructure within a set target time.
- Total Domain Accounts - the total number of domain accounts existing within IT security systems.
- Percentage of Accounts Terminated Within Target - the percentage of user domain accounts that are terminated within a defined target. Termination of an account includes removing the user entry from all security databases and systems in which it existed and typically occurs when an employee leaves the business. It can also result from the elimination of duplicate accounts.
- Percentage of Database Instances Without Password Policy - the percentage of database instances that do not have a password policy implemented in alignment with corporate IT security standards and policies.
