KPI – characteristics
KPIs can also be established arbitrarily, but to be useful it is necessary that they meet the following requirements
Quantifiability (KPIs can be represented as numbers);
Practicability (KPIs must well integrate with the existing corporate process);
Directionality (KPIs can help establish whether or not a company is improving its performance);
Practicality (KPIs must be put in context with the company’s reality to detect actual changes).
During the definition of a security plan through a key performance indicator, the latter must be based on legitimate data and provide a context which should refer to the client’s business goals. Therefore, KPIs must be defined so that the factors which are out of the control (external elements such as security incidents) do not interfere with the realization of business goals. Another key factor consists in having predetermined deadlines which divide the process analyzed in several check-points.
The identification of KPIs within a company is an operation aimed at protecting the company itself by anticipating risk factors, which are obstacles in the business goals realization. This can be seen as a real guide to allow the acquisition of key processes which are necessary for the company to boost its future growth.