General discussion

  • Creator
  • #2149300

    Measuring performance within a department


    by fahimdxb ·

    In terms of IT management spanning across Security, IT architecture and design, how does one define end of the year performance criteria for each of the departments? I mean, something that’s more quantitative than qualitative.

    As an example: For the Dept of IT Architecture and Security, how can a CIO effectively measure and gauge at the end of the year, as an overall performance criteria for the Information Security Officer’s role in that department’s management?

All Comments

  • Author
    • #2923012

      Measuring Performance`

      by ebonstorm ·

      In reply to Measuring performance within a department

      In my humble opinion: (A disclaimer and flame reducer) the best way to determine performance is to be:

      a) Clear about the expectations – let the person know what you are expecting with clearly defined metrics of performance.

      b) Define what is considered to be a high quality performance (in your opinion) so that they are able to gauge their performance with your expectations

      c) Don’t wait until a year has passed to review performance of your IT staff. Since IT changes so quickly, more regular monitoring on your part, even if it is unofficial, is a must have.

      d) Define metrics: if you can’t measure it, how do you know its being done? Anything worth doing can be measured quantitatively. Number of viruses destroyed, number of intrusion attempts intercepted, number of unauthorized data requests monitored, etc

      Using your example, I would expect my Information Security officer to keep and extract information from his logs showing how their security protocols keep the environment safe from penetration.

      I would expect a yearly interaction from an outside party reporting on our security and how we could improve it.

      I would expect a report on what security measures are in place and their effectiveness in our environment.

      I would also expect the security officer to show me how he is handling our biggest security risk, our network clients; what training, what materials and what fail-safe technologies are in place if there IS a security breach.

      Hopes that gets you to thinking.

Viewing 0 reply threads