Versions Compared

Old Version 17

changes.mady.by.user Robert W Smyser

Saved on

compared with

New Version 18

changes.mady.by.user Robert W Smyser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0
Wiki Markup
h2. Overview of IT Security Services' Metrics Development

...

Contents

The Metrics Framework table below organizes the current list of ITSS metrics into a quasi-balanced scorecard format that is consistent across the areas in CSS.   Columns in the table are individual lines of business, usually headed by a Team Leader.  A second piece of the framework is a sub-section on metrics definitions and further documentation if needed about how they are produced. 

The actual values for these metrics are shown in a series of tables in the next section, where we present up to five quarters of data if it is available. 

.

Metrics Framework

In the table below, the left column marks off the "balanced scorecard" quadrants in our metrics framework.  Adjacent columns list by "line of business" the current roster of existing or potential metrics.  The metrics are in various states of development --
- bold face indicates "operational" metrics, with a defined means of production, and a historical record;
- normal face are for "possible" metrics, that aren't well established now but could be with a small development effort using existing systems;
- italic face  shows "prospective" metrics, desirable metrics that don't now have a path to becoming established.

New metrics ideas can be introduced at any time.  Continuous improvement efforts seek to move prospective metrics to possible, and possible to operational, within the normal operations of the teams involved.

...

Metrics Quadrant

...

DMCA

...

Net-Security

...

Stopit

...

Info-Protect

...

Client Satisfaction or
Programmatic Outcomes

...

Type of Risk Exposure averted

...

Type of Risk Exposure averted

...

# of days since a major spill?

...

Resource Utilization
... of Team Services
(market penetration)
(utilization of the team by MIT)
(client uptake)
(event demographics)

...

Net-Security tickets 

...

StopIT tickets 

...

Resource Utilization
... of Tools and Resources

...

Ratio of Incidents to agents?

...

Ratio of Incidents to agents?

...

Level of effort per incident?

...

Process Performance

...

Finances

...

 

...

 

...

 

Definitions and Means of Production

The ITSS Metrics Definitions page holds a table listing metrics we have in some detail, and identifying measures we'd like to build. 

Five (or more) Quarters of Measures Presentation

...

Office Excel
gridfalse
nameITSS metrics.xls
comment


h3. Contents


The Metrics Framework table below organizes the current list of ITSS metrics into a quasi-balanced scorecard format that is consistent across the areas in CSS.   Columns in the table are individual lines of business, usually headed by a Team Leader.  A second piece of the framework is a sub-section on metrics definitions and further documentation if needed about how they are produced. 


The actual values for these metrics are shown in a series of tables in the next section, where we present up to five quarters of data if it is available. 

.

h3. Metrics Framework

In the table below, the left column marks off the "balanced scorecard" quadrants in our metrics framework.  Adjacent columns list by "line of business" the current roster of existing or potential metrics.  The metrics are in various states of development \-\-
*\- bold face* indicates "operational" metrics, with a defined means of production, and a historical record;
\- normal face are for "possible" metrics, that aren't well established now but could be with a small development effort using existing systems;
_\- italic face_  shows "prospective" metrics, desirable metrics that don't now have a path to becoming established.

New metrics ideas can be introduced at any time.  Continuous improvement efforts seek to move prospective metrics to possible, and possible to operational, within the normal operations of the teams involved.

|| Metrics Quadrant || DMCA \\ || Net-Security || Stopit || Info-Protect \\ ||
| Client Satisfaction or \\
Programmatic Outcomes \\ | _Type of Risk Exposure averted_ \\ | _Type of Risk Exposure averted_ \\ | _Type of Risk Exposure Averted_ \\
\\ | _\# of days since a major spill?_ \\ |
| Resource Utilization \\
... of Team Services \\
(market penetration) \\
(utilization of the team by MIT) \\
(client uptake) \\
(event demographics) \\ | *DMCA tickets*  \\
\\
\\ | *Net-Security tickets * | *StopIT* *tickets * | _\# of info-protect incidents_ \\
\\
_ratio of_ _types of exposure (SSN, credit card #s, accounts and passwords, etc.)_ \\
\\
_typical size of exposure{_}s (n of records, etc.) \\
\\
_Ratio of finding types (no breach, breach + notification, etc.)_{_}ratio of Attack types (malware, password sniffer, bank account sniffer, social engineering, etc.)_ \\ |
| Resource Utilization \\
... of Tools and Resources \\ | _Ratio of Incidents to agents_? \\
\\ | _Ratio of Incidents to agents_? | _Ratio of Incidents to agents_? | _Level of effort per incident?_ \\ |
| Process Performance \\ | _Avg Backlog_ \\
\\
_Avg Time to Resolve_ \\ | _Avg Backlog_ \\
\\
_Avg Time to Resolve_ | _Avg Backlog_ \\
\\
_Avg Time to Resolve_ | _Backlog_ \\
\\
_Avg Time to Resolve_ \\ |
| Finances \\ | \\ | | | |



h3. Definitions and Means of Production

The [ITSS Metrics Definitions|https://wikis.mit.edu/confluence/display/CSS/ITSS+Metrics+Definitions] page holds a table listing metrics we have in some detail, and identifying measures we'd like to build. 


h4.










































h2. Five (or more) Quarters of Measures Presentation



----
{anchor:ITSS-metrics}
{viewxls:name=ITSS metrics.xls|grid=false}
{comment}








{viewdoc:name=ITSS metrics.doc}
{comment}
Panel

Team Leaders upload fresh versions of their metrics documents here.

...



----
{panel}
Team Leaders upload fresh versions of their metrics documents here.
{panel}
{attachments:old=true|upload=true}


----
h3.