
Cyber Security Metrics

Below are the seven metrics listed in the ISMS, each described in more detail.


Document Creation: 20 September 2024. Last Edited: 20 September, 2024. Author: Tom Mirarchi.
Document Code: CSME. Effective Date: 1 September 2024. Expiry Date: 1 September 2025.

1. Level of Preparedness

  • How many devices are running outdated operating systems or software?
  • How are security controls tested for effectiveness and assurance?
  • How are security policies and procedures updated and communicated to students, and how is compliance monitored?
  • How are we managing data classification and data retention policies, and how are those policies enforced?

2. Intrusion attempts

  • What is the average time it takes to investigate and respond to detected intrusion attempts?
  • What measures are in place to prevent false positives and false negatives in intrusion detection systems?
  • How many unauthorized access attempts have been detected and blocked by the firewall?

3. Security Incidents

  • How is data recovery managed in the event of a security incident, and how are backups tested and validated?
  • How is threat intelligence gathered and used to proactively detect and prevent security incidents?
  • How is Redback Operations’ incident response plan updated and tested to ensure it remains effective and relevant?

4. Mean Time to Detect (MTTD)

  • How long does it take for the team to become aware of security threats and incidents?
  • How are security controls and monitoring tools tuned to improve detection and response times?
  • How are false positives and false negatives addressed in the security monitoring process, and how is this process continually refined?

5. Mean Time to Resolve (MTTR)

  • How long does it take to respond following immediate awareness of a cyber attack?
  • What are the key steps involved in the incident response process, and how are they tracked and measured?
  • How are stakeholders, such as students and staff, informed and kept up to date during the incident response process?

6. Mean Time to Contain (MTTC)

  • How long does it take to contain identified internal and third-party attacks across all endpoints and systems from the time of initial detection?
  • How do we measure improvement in the cybersecurity habits of our staff?
  • How do we measure the reduction in incident frequency?
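The three time-based metrics above (MTTD, MTTR and MTTC) only become comparable across reporting periods when they are computed the same way every time. The following script is an added example, not part of the ISMS page; it computes all three from a constructed incident register, using the windows the page defines (MTTD from first attacker activity to awareness, MTTC and MTTR from initial detection), and excludes incidents that are still open rather than skewing the means. The field names and sample records are assumptions.

```python
"""Added example (not part of the ISMS page): compute MTTD, MTTR and MTTC
from a constructed incident register.  Field names are assumptions."""
from datetime import datetime
from statistics import mean

# Constructed sample register; timestamps are ISO 8601 (local time, no offset).
# occurred:  when the attacker activity began (from the forensic timeline)
# detected:  when the team became aware (end of the MTTD window)
# contained: when the attack was stopped from spreading (end of the MTTC window)
# resolved:  when the incident was closed (end of the MTTR window); None = still open
INCIDENTS = [
    {"id": "INC-001", "occurred": "2024-09-02T08:00:00", "detected": "2024-09-02T10:00:00",
     "contained": "2024-09-02T11:30:00", "resolved": "2024-09-03T10:00:00"},
    {"id": "INC-002", "occurred": "2024-09-05T22:00:00", "detected": "2024-09-06T09:00:00",
     "contained": "2024-09-06T10:00:00", "resolved": "2024-09-06T15:00:00"},
    {"id": "INC-003", "occurred": "2024-09-10T12:00:00", "detected": "2024-09-10T12:30:00",
     "contained": None, "resolved": None},  # still open: excluded from MTTC/MTTR
]

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def _mean_hours(incidents, start_key, end_key):
    """Mean of (end - start) in hours over incidents where both timestamps exist."""
    deltas = []
    for inc in incidents:
        start, end = _ts(inc[start_key]), _ts(inc[end_key])
        if start is None or end is None:
            continue  # open incident: no window to measure yet
        if end < start:
            raise ValueError(f"{inc['id']}: {end_key} precedes {start_key}")
        deltas.append((end - start).total_seconds() / 3600)
    return round(mean(deltas), 2) if deltas else None

def compute_metrics(incidents=INCIDENTS):
    """Return the three ISMS time metrics plus the count of still-open incidents."""
    return {
        "MTTD_hours": _mean_hours(incidents, "occurred", "detected"),
        "MTTC_hours": _mean_hours(incidents, "detected", "contained"),
        "MTTR_hours": _mean_hours(incidents, "detected", "resolved"),
        "open_incidents": sum(1 for i in incidents if i["resolved"] is None),
    }

if __name__ == "__main__":
    print(compute_metrics())
```

Reporting the open-incident count beside the means matters: a period with many unresolved incidents can show a deceptively low MTTR because only the quickly closed ones enter the average.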

7. Access Management

  • How is access to sensitive data and systems controlled and monitored, and how is privilege escalation prevented?
  • Are all accounts secured with Multi-Factor Authentication (MFA)?
  • Do we have a password policy addressing common malpractices, such as password recycling and weak passwords?