Performance Measures Assignment Example | Topics and Well Written Essays - 500 words

Performance Measures - Assignment Example of this document is to outline the measurement of the performance as post-implementation metrics of the recommendation, namely: â€Å"Change Organizational Approach to Event Monitoring and Log Analysis† (‘Verizon Report’, 2010). The scope of this document includes role and responsibility of key people in an organization, background of the measure, legislative and strategic drivers, measure development process and its implementation. According to Verizon Report 2010, maximum information security breaches in 2009 showed that in most of the breaches the data is compromised after lapse of several days of the breach. It takes effort and time until these breaches are found. Significantly, people other than the victim makes such discovery. The victim upon information reacts immediately and uses the most important defense that is ID/IPS. However, this measure in most cases intensifies the situation rather controlling it. Furthermore, it is not the only defense that organizations have to curb this problem and relying upon it as a last resort does not solve the problem and eliminate it completely (Solms, 2000). The CIO is responsible to change the approach to tackle breach instance at the organization. CIO should ensure that as a post-attack instance, ID/IPS should not be used instantly and as the only measure to control the situation. Instead, batch processing and log analysis should be undertaken with keen interest to identify any stack of viruses or breaches. The focus should be on ‘mass’ breaches rather ‘individual’. Therefore, proper policy and implementation guidelines have to be circulated to all users in the organization regarding the measures to be taken in case breach takes place and is discovered. Additionally, the CIO has to prioritize and select performance measures and develop the targets for their achievement (‘NIST’, 2008). The role of Senior Information Security Officer is to ensure that the program manager uses the changed approach to