Metrics & KPIsInformation security
18 KPIs
% of backup operations that are successful
% of obsolete user accounts
% of physical backup / archive media that are fully encrypted
% of secure third party connections
% of systems covered by antivirus/antispyware software
% of systems with latest antivirus/antispyware signatures
% of test backup restores that are successful
Age of backup
Average time between tests of backup
Average time to restore backup
Average time to restore off-site backup
Information security costs as a proportion of total revenue or IT budget
Information security policy deployment and adoption
Number of complaints regarding breaches of customer privacy
Number of information security-related risks
Proportion of information security risks for which satisfactory controls have been fully implemented
Relative proportions of risks identified
Time lag between detection, reporting and acting upon security incidents