List of Information Security Metrics to Track


  • Information Security Budget as Percentage of IT Budget


Patch Management

  • Average — Length of time to patch systems

Vulnerability Management


  • Percentage of managed systems checked for vulnerabilities in accordance with the organization’s policy


  • Average — Length of time for the organization to mitigate identified Hackerone Submitted vulnerabilities.

Access Control and Identity Accessment Management (Okta)

  • Average Number of Account Lockouts

Data Management

  • Percentage of cyber resources which are backed up

Business Continuity and Disaster Recovery

  • Percentage of information systems for which annual testing of contingency plans has been conducted.

Change Management

  • Mean-time to Complete Changes



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store