PM-06-727 Information Security Measures of Performance

Information Security Measures of Performance

Control ID

PM-06-727

Control Name

Information Security Measures of Performance

Control Category

Program Management

Functional Areas

Protect

Sub-Areas

Enterprise Architecture, Roadmap and Emerging Technology

NIST Baseline Level(s)

NOT SELECTED

NIST Priority

State Implementation Required

Yes

Agency Last Implemented Date

February 15, 2018

Agency Implementation

The chief information security officer monitors and reports on information security key performance indicators to the chief information officer monthly and the agency director annually.

Risk Statement

Management has not aligned the technology architecture with corporate strategy or external threats.

Control Description

The organization develops, monitors, and reports on the results of information security measures of performance.

Control Example

The organization has Periodic reporting and performance measurement mechanisms in place.

State Implementation

The state organization develops, monitors, and reports on the results of information security measures of performance.

Testing Procedures

Obtain Information security program policy; procedures addressing development, monitoring, and reporting of information security performance measures; information security performance metrics; information security performance measures; results of information security performance measures; other relevant documents or records and ascertain if: (I) the organization develops information security measures of performance; (ii) the organization monitors information security measures of performance; and (iii) the organization reports on the results of information security measures of performance.