As a security professional, it is critical that you assess the performance of your security team and keep in-the-know regarding your current security posture, in addition to planning ahead. ‘The Ultimate 2019 Security Team Assessment Template‘ is a first-of-its-kind tool that encapsulates all the major KPIs of the organizational security team’s main pillars, created to make the job of the CIO / CISO easier by saving them time and effort of having to create such a tool from scratch. The template helps measure the performance of security teams over 2019 while creating 2020 performance goals.
Because security teams vary in size and responsibility distribution from organization to organization, and because there is minimal if any consistency across the industry (for example, the responsibilities of the “security analyst” can vary greatly from place to place, the same can be said for architects, managers, and directors ) it is quite challenging to create a template along these lines.
These challenges and others are addressed head-on by ‘The Ultimate Security Team Assessment Template,’ which succeeds in doing so by focusing on functionality. This is done while keeping in mind the two main foundations of the security team: A – ensuring the organization has a sufficient deployment of security products; and B – utilizing these products to get the most prevention, detection, and response as possible.
The following are the roles and responsibilities covered in the template:
Security Analyst Tier 1 2019 Assessment Sample
Security Analyst Tier 1 2020 KPI Sample
As function is more important than title, many organizations have persons carrying out multiple designation responsibilities as seen in the template, i.e. both tier 1 and tier 2 analyst, or Security Architect and SOC Manager. In large-size organizations, for example, Security Architects might have a team under them responsible for network, endpoint and cloud security. There are many potential variations in how security responsibilities can be assigned within any organization. Even so, the foundation of security practice remains the same, which means that CISOS should easily be able to match the functionalities described in the template to their team’s specific structure.
The Security Team Assessment Template (download here) can be used as-is, or CISOs can customize to fit the structure and responsibilities of their organization. Again, this includes both reviewing the 2019 performance points of each team member, while serving as an ideal tool for tracking and monitoring security functions moving forward.
If you find the template a good fit as-is, great. If on the other hand, you find your organizational structure and responsibilities require personalization, you can cut and paste the different responsibilities/KPIs to meet the needs and structure of your team.