MEASURING THE INFORMATION SECURITY METRICS FOR A FINANCIAL INSTITUTION
A well-known financial institution identified a need to enrich its Information Security strategy and enablement practices to cater for a number of requirements across compliance, risk and external regulations. To meet some of these requirements, it engaged Mobius to assist with the development and execution of information security metrics that support and measure Information Security across the business.
The metrics were developed from a strategic perspective and focused on the institution's Information Security Pillars. Each pillar was expanded (using a straw model) into Executive, Management and Operational metrics. Approximately 125 metrics were developed, ranging from RAG statuses to detailed technical metrics.
This differed from our traditional approach of building operational metrics which lead into management and executive metrics. However, the knowledge gained through working with the team, understanding how they see reporting and getting the metrics to where they are, has been invaluable.
If you have any questions or would like to know more about the approach we used, please contact us.