PM-06-727 Information Security Measures of Performance
Information Security Measures of Performance
PM-06-727
Information Security Measures of Performance
Program Management
Protect
Enterprise Architecture, Roadmap and Emerging Technology
NOT SELECTED
P1
Yes
February 15, 2018
The chief information security officer monitors and reports on information security key performance indicators to the chief information officer monthly and the agency director annually.
Management has not aligned the technology architecture with corporate strategy or external threats.
The organization develops, monitors, and reports on the results of information security measures of performance.
The organization has Periodic reporting and performance measurement mechanisms in place.
The state organization develops, monitors, and reports on the results of information security measures of performance.
Obtain Information security program policy; procedures addressing development, monitoring, and reporting of information security performance measures; information security performance metrics; information security performance measures; results of information security performance measures; other relevant documents or records and ascertain if:
(I) the organization develops information security measures of performance;
(ii) the organization monitors information security measures of performance; and
(iii) the organization reports on the results of information security measures of performance.