What: CHICAGO Metrics® is here to help you protect your data and sensitive information by prioritizing your IT and Information Security risks and enabling YOU to tell a better story.
How: With a solid toolset and metrics program that speaks to all levels from engineer to the Board.
Why: Because we believe from the front lines to the Board room IT and Information Security leaders have to be able to tell their story in order to gain support, funding, and resources as they enable the business to move faster.
How: With a solid toolset and metrics program that speaks to all levels from engineer to the Board.
Why: Because we believe from the front lines to the Board room IT and Information Security leaders have to be able to tell their story in order to gain support, funding, and resources as they enable the business to move faster.
Member Feedback and Results
Following an Executive Report Out:
Post Feature Release:
- First thing they wanted was the “single risk score”, so the bottom-line maturity metric appeals to them.
- Second point they really liked is the next-layer drill down to the 6 core component metrics, to begin to see where gaps are but still at a high level.
- Third thing they really liked (which I pointed out because I knew they would!) is the H metric … they are always concerned with the human morale and productivity impact of what security does.
Post Feature Release:
- The dashboard filtering, it is helpful as I continue to construct my first “Baseline canonical measures set” … I am using earlier month dates as my playground, and now can see the effects of different approaches.
Who: $1.6B academic medical center
What: Their CISO needed to show progress for the investments they were making. Instead of building a program they brought on CHICAGO Metrics®.
Results: One day after deployment they had a picture of the state of the information security program. They then ranked their risks from High to Low and then reversed ranked the effort for each risk from low to high giving them the priorities for the next 12-18 months.
What: Their CISO needed to show progress for the investments they were making. Instead of building a program they brought on CHICAGO Metrics®.
Results: One day after deployment they had a picture of the state of the information security program. They then ranked their risks from High to Low and then reversed ranked the effort for each risk from low to high giving them the priorities for the next 12-18 months.
Who: $4.7B global manufacturer
What: Their CISO was told by the Board they needed to produce metrics by next quarters Board meeting.
How: Instead of building a program, they brought on CHICAGO Metrics®.
Results: The CISO was able to produce a set of metrics that aggregates the results into KRIs that tie directly to the business. The CISO remained in place for over 5 years.
What: Their CISO was told by the Board they needed to produce metrics by next quarters Board meeting.
How: Instead of building a program, they brought on CHICAGO Metrics®.
Results: The CISO was able to produce a set of metrics that aggregates the results into KRIs that tie directly to the business. The CISO remained in place for over 5 years.
Who: $65MM non-profit healthcare company
What: They were looking for a way to better explain what IT was delivering for the business besides basic technology services and manage their information security risks.
How: Brought on CHICAGO Metrics® and had a reportable baseline the first week.
Results: The IT department, based on internal NPS survey, is a best in breed shop. Their executive team understands what they are doing and providing value to the organization.
What: They were looking for a way to better explain what IT was delivering for the business besides basic technology services and manage their information security risks.
How: Brought on CHICAGO Metrics® and had a reportable baseline the first week.
Results: The IT department, based on internal NPS survey, is a best in breed shop. Their executive team understands what they are doing and providing value to the organization.
CHICAGO Metrics® is a program to help you to have a better conversation with business leadership in terms that they understand. Translate between executives and technicians with a solid metrics program that takes any number of tactical metrics and aggregates them into the six business aligned Key Performance/Risk Indicators: Confidentiality, Human Resources, Integrity, Character, Availability, and GOld. Use LEAN IT Tools to tell a better story to technicians and your end-users. Use a fill-in-the-blank policy set to manage your program and meet the needs of your auditors. Complete the cycle by leveraging strategic planning tools to show executives you have a plan.
Next time your executive team or Board asks you, "How secure are we?", give them your CHICAGO Score™!
Next time they ask you, "How is IT helping us?", give them your CHICAGO Score™ and show how IT is enabling the business!
Executive Membership includes one-year of full access to the CHICAGO Metrics® Program:
CHICAGO Metrics® has a library of policies, procedures, standards, and guidelines to operate your IT organization. Executive Membership includes documents with alignment to:
We also are providing the tools, as part of a Executive Membership, to establish good processes for good people to follow to implement solid technology.
Next time your executive team or Board asks you, "How secure are we?", give them your CHICAGO Score™!
Next time they ask you, "How is IT helping us?", give them your CHICAGO Score™ and show how IT is enabling the business!
Executive Membership includes one-year of full access to the CHICAGO Metrics® Program:
- CHICAGO Metrics® Tracking Tool - Basic Membership Available Here
- CHICAGO Score™ Dashboards
- CHICAGO Maturity Model
- A3 Reporting Template
- Risk Register
- Risk Score using Likelihood and Impact Mapping Tool
- Effort Score using Time and Cost Mapping Tool
- ROI Calculator
- Magic Quadrant Visual Display Chart
- Threat Heat Map Tool
- Vendor Risk Assessment Platform
- NIST CSF Assessment Tool
CHICAGO Metrics® has a library of policies, procedures, standards, and guidelines to operate your IT organization. Executive Membership includes documents with alignment to:
- NIST 800-53r4 (all levels) - Sample
- HIPAA - Sample
- ISO 27001 (coming soon)
- PCI DSS 3.2 - Sample
- AOPO - Sample
We also are providing the tools, as part of a Executive Membership, to establish good processes for good people to follow to implement solid technology.
- LEAN IT Tools
- 3 Year Plan/Strategy Building Tools
The six CHICAGO Metrics'® Key Performance/Risk Indicators -
|
ConfidentialityProtecting intellectual property, PII, PHI, customer data, PCI data, etc. can be a challenge. Understanding how each tactical metric impacts this risk indicator can better drive resource allocation.
|
Human ResourcesEvery organization has people to get their jobs done and managing them is important to the organization to ensure these resources are fully being leveraged. Reducing risk in this area will ensure people are productive, happy, and efficient.
|
|
|
IntegrityEnsuring that data has not been changed is important for any organization. This can range from design/manufacturing specs to government reporting documents. Informally, "Keeping the bad guys out", is paramount to any organization.
|
CharacterManaging character or reputation risk is important for every organization. It has been said that there is no such thing as bad press. However, some organization have felt the sting of public opinion. Reducing the risk to an organization's character can equate to real dollars.
|
|
|
Availability
Your organization has spent incredible amounts of money on infrastructure in order to deliver information via technology. If none of it is available all of that expense and effort is for not. Manage the risk in this area and keep the systems running, the people working, and the business successful.
|
|
Gold
In the for-profit world the goal is to create shareholder value. In the non-profit world if there is no margin there is no mission. In any organization managing the Gold, finances, is important. Understanding the risks that have a significant financial impact is looked upon favorably by leadership.
|
|
Confidentiality, Human Resources, Integrity, Character, Availability, Gold™ is a trademark of CHICAGO Metrics®.