information security metrics dashboards and progress reports
1
Representing Security Metrics in DashBoards and Progress Reports
© Inovement and Vicente Aceituno 2013
2
Metrics Representation
Metrics are measurements that gain meaning from comparison with previous or equivalent measurements.
For example, “A kid’s height is 100cm” means nothing.
“The height of a kid is 100cm, while the height of more than 95% of kids his age is 90cm or less” means he is TALL.
3
Metrics Representation
We get the most value from Metrics when we investigate the root causes for measurements that deserve our attention.
Correct representation of metrics can make it obvious when a measurement deserves investigation.
Unfortunately, many representations of metrics hide meaning instead of highlighting it.
4
Metrics Representation
There are 15 main metrics for a process or a control.
It is not practical to represent every metric for every control or process in an ISMS when there is a large number of controls.
It is therefore necessary to choose and find a compact way to represent metrics in order to gain situational awareness.
Note: The canonical list of security metrics will be published early 2014 in a white paper.
5
Metrics Representation
The interpretation of a metric always renders one or several of the following meanings:
Current Value: Normal or Abnormal. Satisfactory or Unsatisfactory.
Trend: Better or Worse. Increase or Decrease.
A good use of color and arrows can represent this in a compact and visually evident way.
Making it evident which issues to investigate and which require urgent attention brings added value to the dashboard.
6
Metrics Representation
Some metrics correlate with value, some do not, for example:
Without value:
Number of drops in a firewall. Fewer drops doesn’t mean we are not being attacked.
Number of viruses cleaned. More viruses cleaned doesn’t mean systems are cleaner.
With value:
Backups performed. The more backups, the more data can be recovered.
Authorized logins successful. When authorized people can log in, they can work.
7
Metrics Representation
When a metric does not correlate with value we have the following meanings:
Current Value: Normal or Abnormal.
Trend: Increase or Decrease.
When a metric correlates with value we have the following meanings:
Current Value: Satisfactory or Unsatisfactory.
Trend: Better or Worse.
8
Metrics Representation
When a metric is not about value it can be represented using a square.
When a metric is about value it can be represented using a circle.
9
Metrics Representation
Normal / Abnormal is a distinction that can be represented using Blue (Normal), Grey (Abnormal) and Black (Abnormal) for urgent Action.
Satisfactory / Unsatisfactory is a distinction that can be represented using Green (Satisfactory), Yellow (Unsatisfactory) and Red (Unsatisfactory) for urgent Action.
10
Metrics Representation
Increase / Decrease trends are a distinction that can be represented using an arrow colored depending on whether the trend makes the current situation likely to stay.
Better / Worse trends are a distinction that can be represented using an arrow colored depending on whether the trend makes the current situation likely to stay.
11
Metrics Representation
The direction of the arrow indicates the type of change.
The color of the arrow indicates what that means.
A straight up or down arrow indicates the need for urgent action.
Examples:
12
Metrics Representation
Exercise: Guess what the following mean:
13
Metrics Representation
Solution:
Abnormal, Increasing towards Normal, Urgent Action
Abnormal, Decreasing towards Normal
Normal, Decreasing
Unsatisfactory, Getting better, Urgent Action
Satisfactory, Getting worse
Unsatisfactory, Getting worse fast, Urgent Action
14
Metrics Representation
To summarize, any Security Metrics work is incomplete unless the representation of metrics in DashBoards and Progress Reports makes the meaning as obvious as possible.
It is possible to use colors and shapes to highlight meaning in a very compact way.
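One way to turn the encoding from slides 8 to 11 into code (an added example, not part of the original presentation). The acceptable band, the urgency margin, the steepness test for a straight arrow and the rule for the arrow color are assumptions, since the slides do not define them; the sample series are constructed.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Metric:
    about_value: bool        # True -> circle (value metric), False -> square
    ok_low: float            # assumed band for Normal / Satisfactory
    ok_high: float
    urgent_gap: float        # assumed: this far outside the band is urgent
    steep: float             # assumed: relative change that makes the trend urgent
    higher_is_better: bool = True   # only used for value metrics

def gap(m: Metric, x: float) -> float:
    """Distance of x outside the acceptable band (0 when inside)."""
    return max(m.ok_low - x, x - m.ok_high, 0.0)

def glyph(m: Metric, series: list) -> dict:
    """Encode the latest measurement of a series as shape, colour and arrow."""
    current, baseline = series[-1], mean(series[:-1])
    change = current - baseline
    good, bad, urgent = (("green", "yellow", "red") if m.about_value
                         else ("blue", "grey", "black"))
    g = gap(m, current)
    out = {"shape": "circle" if m.about_value else "square",
           "colour": good if g == 0 else urgent if g > m.urgent_gap else bad,
           "arrow": None, "arrow_colour": None}
    if change == 0:
        return out           # no trend, so no arrow is drawn
    rising = change > 0
    # Value metrics: up means better. Other metrics: up means increase.
    up = rising == m.higher_is_better if m.about_value else rising
    straight = abs(change) > m.steep * abs(baseline)
    out["arrow"] = ("" if straight else "diagonal-") + ("up" if up else "down")
    # Assumed rule: colour the arrow by the state one more step of this trend leads to.
    out["arrow_colour"] = good if gap(m, current + change) == 0 else bad
    return out

# Constructed sample data, not taken from the slides.
firewall_drops = Metric(False, 1000, 5000, 3000, 0.5)
backups_ok_pct = Metric(True, 95, 100, 10, 0.1)
DEMO = {
    "firewall drops": glyph(firewall_drops, [9500, 9700, 9600, 8200]),
    "backups performed": glyph(backups_ok_pct, [99, 98, 99, 80]),
}
if __name__ == "__main__":
    for name, g in DEMO.items():
        print(name, g)
```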
15
Learn to implement High Performance Security Management Processes http://cli.gs/ism3
Web: www.inovement.es
Video Blog: youtube.com/user/vaceituno
Blog: ism3.com
Twitter: twitter.com/vaceituno
Presentations: slideshare.net/vaceituno/presentations
Articles: slideshare.net/vaceituno/documents