One of our readers, Jon Damratoski, is putting together a DLP program and asked me for some ideas on metrics to track the effectiveness of his deployment. By ‘ask’, I mean he sent me a great list of starting metrics that I completely failed to improve on.

Jon is looking for some feedback and suggestions, and agreed to let me post these. Here’s his list:

  • Number of people/business groups contacted about incidents – tie in somehow with user awareness training.
  • Remediation metrics to show trend results in reducing incidents – at start of DLP we had X events, after talking to people for 30 days about incidents we now have Y events.
  • Trend analysis over 3, 6, & 9 month periods to show how the number of events has reduced as remediation efforts kick in.
  • Reduction in the average severity of an event per user, business group, etc.
  • Trend: number of broken business policies.
  • Trend: number of incidents related to automated business practices (automated emails).
  • Trend: number of incidents that generated automatic email.
  • Trend: number of incidents that were generated from service accounts – (emails, batch files, etc.)

I thought this was a great start, and I’ve seen similar metrics on the dashboards of many of the DLP products.

The only one I have to add to Jon’s list is:

  • Average number of incidents per user.

Anyone have other suggestions?

Share: