Security Process Data
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- Why collect process data: measurement for oversight
- KPIs vs KRIs: leading and lagging indicators
- The data sources: accounts, backups, training, DR/BC
- Management review and continuous monitoring
KPI vs KRI vs activity measure
| Aspect | KPI | KRI | Activity/implementation measure |
|---|---|---|---|
| Question it answers | Is the control meeting its objective? | Is our exposure rising toward a loss? | Was the work done? |
| Time orientation | Mostly lagging (what happened) | Leading (what is coming) | Point-in-time effort |
| Tied to a threshold | Target/SLA to compare against | Escalation threshold that trips an alert | Usually just a count |
| Example | Mean time to detect; % access reviews on time | Climbing unpatched-critical count; dormant accounts | # scans run; % training completed |
| What it proves | Control performance | Forecast risk before impact | Activity, NOT effectiveness |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
References
- NIST SP 800-55 Vol. 1, Measurement Guide for Information Security: Identifying and Selecting Measures Whitepaper
- NIST SP 800-53 Rev. 5, Security and Privacy Controls (AC-2 Account Management) Whitepaper
- NIST SP 800-50 Rev. 1, Building a Cybersecurity and Privacy Learning Program Whitepaper
- NIST SP 800-137, Information Security Continuous Monitoring (ISCM) Whitepaper