When your information technology security solution alerts you of a breech, that’s great right? It means you can focus on a remedy for the problem and move on, safe in the knowledge that the issue is sorted. But what if the breech is catastrophic? What if the breech consumes all your resources for days of remediation? Wouldn’t it be more effective if your security solution could forewarn you of vulnerabilities so they could be addressed ahead of time, avoiding catastrophe?
Key Performance Indicators (KPI) offer a view regarding the state of an organisation’s environment at any given time. When KPI display positively, it’s safe to assume the system is not experiencing issues. When KPI display negatively, then the system is experiencing issues. Useful data, but again, a ‘current state’ view only.
The benefit of adding Key Risk Indicators
Key Risk Indicators (KRI) offer predictive or leading insight to an impending issue. KRI tie together known business risks, for example; an account in the system with permissions not warranted for usage. KRI will measure whether there are more accounts with this issue, i.e. is there a pattern forming around this potential vulnerability? KRI can activate warnings based on metric thresholds, which in turn alert your team into action – before the issue becomes problematic.
Keep on top of your metrics
Organisations utilising a blend of KPI and KRI metrics, with a concerted focus on KRI will experience improved system health. Subsequent preventive actions can strengthen KPI results and more importantly, remediate issues before they cause damage.