Has anyone adopted an insider risk management program? What are you doing to measure success?

CIO, 2 years ago

Yes. I would add to Mr. Katar's comment that we also track the following KPI:

1. The risk rate with a residual score greater than our tolerance threshold.

We also want to know if our decisions are linked to the level of tolerance we have set for ourselves. If the rate is too high, it is probably because our tolerance threshold is too low or because we do not have the financial capacity to mitigate them.

Director of IT in Healthcare and Biotech, 2 years ago

Here are the main KPIs that I'm tracking: 1) decreased occurrences of data breaches, 2) improved ability to identify anomalous activity, 3) accelerated reactions to situations (time it takes). We've also begun to undertake training sessions and quarterly assessments to gauge staff's understanding of and adherence to security rules and best practices.
