The security implications of KPIs

While I was setting and reviewing my business KPIs, I had the question pop up in my mind on what were the security implications in the choice of KPIs. This blog attempts to answer that question.

The purpose of Key Performance Indicators (KPIs) is to provide metrics that indicate the relative performance of an organisational component in achieving an objective. They are useful in cybersecurity to ensure security controls are working as expected over time. An example of a good KPI is the number of days required to implement a security patch for software. KPIs have…