Optimizing Performance Management
Gina Fisk, LANL Senior Cyber Security Manager [email protected]
Operated by Los Alamos National Security, LLC for NNSA
U N C L A S S I F I E D
Adaptive Metrics
  Develop metrics that determine how well we are adapting to our ever-changing environment.
Fitness Functions
  Identify dependencies and requirements for optimum productivity around the Laboratory.
  Measure the impact of a localized failure of one entity across the entire organization.
Balanced Score Card
  Review our program from a balanced perspective.
  Provide metrics by which we can manage.
Starting Point – Remove the Clutter
Remove metrics that we can’t use to manage our information security program.
  How many customers called our help desk.
  How many connections were deflected by our firewall.
  How many times our network was scanned, etc.
Bin the remaining metrics into the BSC framework for a Phase I BSC.
  Financial.
  Customer.
  Internal Processes.
  Learning and Growth.
Determine Impacts of Failure
Conduct IT Impact Analysis
  Determine the cost to an organization if various IT services failed for variable lengths of time.
    Network, Email, local storage, etc.
  Calculate Impact Rating for each IT Service.
    1/n, where n is the average number of days until an organization has lost 100% of productivity.
  Calculate the Daily Monetary Impact of the Loss of that IT Service for an organization.
  Calculate the overall productivity cost for the Laboratory as a whole based on that loss.
Focus Areas
From IT Impact Analysis results, identify IT Services with largest impacts to productivity.
  Loss of Accreditation of systems
  Loss of local network access
  Loss of Email
  Loss of Oracle
  Loss of Internet access
Goals that the CIO and CISO had set for the organization in the Strategy Map.
Develop metrics based on these focus areas and develop Phase II of the BSC.
Information Security Strategy Map

FINANCIAL PERSPECTIVE
Competitive Advantage; Operational Excellence
  F1. Maximize mission enablement by balancing risk and value
  F2. Maximize operational efficiency
  F3. Minimize IT enterprise risk
  F4. Facilitating acquisition of new business through best-in-class IT security execution

CUSTOMER PERSPECTIVE
Competency Contribution
  C1. “Understand and consistently deliver what I need”
  C2. “Keep me out of security and compliance trouble”
  C3. “Establish a positive reputation which will help me with my customers”
  C4. “Become a trusted partner by helping me solve my challenging problems”

INTERNAL AND PROCESS PERSPECTIVE
Achieve Operational Excellence
  IP1. Streamline compliance program to achieve 100% of scheduled accreditations
  IP2. Optimize operations to reduce KTLO by 10% per BU
  IP3. Enhance performance through implementation and management of service agreements
Create and Support Internal Programs and External Partners
  IP4. Mature IT governance processes and increase partner participation
  IP5. Build a structured, transparent and collaborative regulator relationship
  IP6. Promote transparency and performance through holistic metrics program
Deliver Innovative Security Solutions
  IP7. Propose and deliver business-enabling information security solutions
  IP8. Mature IT risk program to drive security, portfolio, and governance decisions
  IP9. Enhance red network monitoring and vulnerability management

LEARNING AND GROWTH PERSPECTIVE
  LG1. Attract, develop, and retain highly skilled security professionals
  LG2. Develop risk-focused and customer-centric culture
  LG3. Align employee training with strategic initiatives
Note: BSC target performance scores are represented here for explanatory purposes only
Fitness Functions
Fitness functions measure the overall health of an organization by measuring not only performance, but also the performance of those organizations on which we are dependent to achieve our goals. If the performance of one of the dependencies fails, there are ramifications throughout the entire organization.
Using the fitness scores of dependent organizations, we can measure the impact of a localized failure of one entity across the entire organization, providing valuable measurements of the actual cost of security incidents, network outages, etc.
We can trend these scores to evaluate performance at various levels of the organization.
[Figure: diagram relating Dependencies to Reliant Organizations. Boxes shown: System Administration, Network Services, Identity Management, Scientific Computing, Core Services, Production Cycles, Visualization Services, Backups and Storage, Security Infrastructure, Science and Engineering, C&A, Physical Infrastructure, Publications, Contracts, Patents.]
Example Fitness Function Framework
Fiscal Responsibility (weight: 20%)
  Milestones and deliverables (quality, timeliness)
  Expenditures (percentage over budget)