Discover Performance Blog

Welcome to the Discover Performance blog, a resource for enterprise IT leaders who share a passion for performing better. Here you’ll find strategic insights and best practices from your peers as well as from HP’s own practitioners who help others define, measure and achieve better IT performance.

For additional in-depth articles on critical topics for IT executives, visit

Improving your IT security through better measurement and management

This post looks at how security leaders should evaluate the quality of their efforts. Security, just like other areas of IT management, is fundamentally about people, process, and technology. COBIT 5 says the security process is about defining, operating, and monitoring a system for information security management. This involves protecting enterprise information and, in particular, keeping information security risk at an acceptable level, i.e. in accordance with an established security policy. At its core, the security process involves establishing and maintaining information security roles and access privileges, and performing security monitoring. The goal of this process is to minimize the business impact of operational information vulnerabilities and incidents. In other words, you need to keep the impact and occurrence of information security incidents within the enterprise’s risk appetite.

Labels: IT Security

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.