Risk-Based Security
When it comes to compliance, the most important metric for IT professionals is mean-time-to-patch, according to 49% of them.
33% of IT pros spend most of their compliance time determining whether employees violated any policies, which is also a top concern.
Determining whether endpoints are free from malware and viruses is an important metric among 45% of IT pros tasked with protecting against threats.
35% of IT pros say that reducing data breaches is enough of a metric to judge performance even though the numbers don’t always add up.
The trouble with measuring performance on outbreaks is that not all outbreaks are discovered. That’s why 35% of IT professionals like to monitor vulnerabilities and eliminate them.
Just 13% of IT pros are concerned about the mean time to detect a security incident, while only 8% measured how long it took to fix a security problem.
52% of IT professionals evaluate performance based on their ability to reduce the cost of security management.
Once again, time is largely an afterthought, with only 5% of IT pros indicating that the length of time to contain security breaches and exploits is measured in their department.
49% of security professionals say they’re judged based on their ability to effectively stay within budget.
IT professionals want business-side employees to receive the security training they need to reduce the types of risky behavior that send corporate networks into lockdown.