Information Technology Reference
In-Depth Information
Because of this, great effort should be put into getting it right the first time. Because of
the benefits of a well-structured KPI, and the potential damage of a badly engineered KPI,
this effort should be given high priority and be taken seriously. The final KPI doesn't have
to be simple, but it has to be easy to understand. If it is easy to understand, it will be easy
to follow.
Returningtooursecuritybreachexample,ourlastdraftcontainedabuginthatitdidnot
include both the coverage of the intrusion detection system and the number of intrusions
detected. Thus, we revise it to be three KPIs: one that reflects the percentage of subnets
that are covered by the intrusion detection system, one that reflects the total number of in-
trusions, and one that reflects the duration of investigations.
19.2.5 Step 5: Deploy the KPI
The next step is to deploy the KPI, or institute it as policy. This is mostly a communication
function. The new KPI must be communicated to the team that is responsible for the KPI,
plus key stakeholders, management, and so on.
DeployingtheKPImeansmakingpeopleawareofitaswellasputtingintoplace mech-
anisms to measure the KPI. The KPI should be deployed with the assumption that it may
require revision inthefuture,butthis shouldnotbeanexcuse todoabadjobincreating it.
If at all possible, the metrics that are used to calculate KPIs should be collected auto-
matically. This might occur via the monitoring system, or it might be done by extracting
the information from logs. Either way, the process should not require human intervention.
Even if you forget about them, the metrics you need should automatically accumulate for
you.
If the metrics cannot be collected automatically, there are two actions to take. One is to
find a way to ensure that the metrics are collected manually. This could be an automated
email reminder or a repeating calendar entry. The other is to develop a mechanism so that
thecollectionwillbeautomated.Therearenometricsthatcan'tbecollectedautomatically,
only metrics whose collection has not yet been automated.
Once the data is collected, a dashboard should be created. A dashboard is a web page
that shows a visualization of the KPI. It may have related metrics and information useful
for drilling down into the data.
Important KPIs should have a second dashboard, one that is appropriate for large dis-
plays.Installalargemonitorinahallwayorothercommonareaanddisplaythisdashboard
continuously. Such displays should use large fonts and have graphics that are easy to view
from a distance. Such displays serve as an important reminder of the KPIs' status and can
become a point of pride when the KPIs are met.
Search WWH ::
Custom Search