Performance Measurement in Cross-Organizational Security Settings

摘要

Measuring IT security management performance is different and usually more difficult than other kinds of measurement. Quantifying IT security in general is difficult, additionally IT infrastructures differ strongly from each other, consist of heterogeneous components and change permanently. However, IT security needs the attention not only from specialized IT security staff, but also from general management. The critical point thus is the development of a set of suitable key performance indicators. This paper describes the creation of a set of performance indicators to be used in cross-organizational security settings on the basis of two qualitative empirical studies. Indicators were developed for organizations acting either as service providers or as service consumers.