KRAs with Outcomes (Jobs which bring value to the organization)

| Domain | KRA (Key Result Area) | KPI (Key Performance Indicator) |
|---|---|---|
| Minimizing Business Impact | Minimizing business impact due to cybersecurity issues. | Business loss due to cybersecurity issues (% of EBITDA). |
| Security Review | Review of service requests and new projects with respect to cybersecurity. | Requests reviewed within SLA (%); Projects reviewed within SLA (%). |
| Ensure Compliance | Compliance with legal and regulatory guidelines related to cybersecurity. | Compliance with legal and regulatory guidelines (% compliance against total requirements); Timely communication and coordination with the regulatory agencies (%). |
| Ensuring Effectiveness of Security Controls | Ensuring security controls are effective for endpoints, servers, and network. | Coverage of endpoint security agents (%); Coverage of server security agents (%); Policy review and other effectiveness measures of network security (%). |
| Vulnerability Remediation | Closure of identified vulnerabilities. | % of vulnerabilities closed as per policy requirement. |
| Cybersecurity Awareness | To facilitate and nurture a deep-rooted cybersecurity culture. | Develop relevant processes and systems, and behavioral training for employees, to sustain cybersecurity consciousness and culture in the businesses. |
| Cybersecurity Governance | Establish and manage governance in the cybersecurity function. | Governance MIS report preparation and dissemination as per schedule (% of reports sent as per schedule). |
| Incident Management | Managing cybersecurity incidents for the organization. | Response to cybersecurity incidents as per established process and closure within SLAs (% of incidents closed within timelines). |
| Budget Governance | Planning and managing the budget for the cybersecurity function. | Adherence to the planned budget (% deviation from the approved figures). |