Some DLP MetricsBy Rich
One of our readers, Jon Damratoski, is putting together a DLP program and asked me for some ideas on metrics to track the effectiveness of his deployment. By ‘ask’, I mean he sent me a great list of starting metrics that I completely failed to improve on.
Jon is looking for some feedback and suggestions, and agreed to let me post these. Here’s his list:
- Number of people/business groups contacted about incidents – tie in somehow with user awareness training.
- Remediation metrics to show trend results in reducing incidents – at start of DLP we had X events, after talking to people for 30 days about incidents we now have Y events.
- Trend analysis over 3, 6, & 9 month periods to show how the number of events has reduced as remediation efforts kick in.
- Reduction in the average severity of an event per user, business group, etc.
- Trend: number of broken business policies.
- Trend: number of incidents related to automated business practices (automated emails).
- Trend: number of incidents that generated automatic email.
- Trend: number of incidents that were generated from service accounts – (emails, batch files, etc.)
I thought this was a great start, and I’ve seen similar metrics on the dashboards of many of the DLP products.
The only one I have to add to Jon’s list is:
- Average number of incidents per user.
Anyone have other suggestions?