Validation of the use of KPIs to measure information security management system performance in manufacturing companies

An Information Security Management System (ISMS) compliant with ISO/IEC 27001 requires the development and implementation of an effective system to guarantee the protection of information from threats. The aim of the study was to propose a set of indicators to measure the effectiveness of SZBI safeguards in manufacturing companies. A model for analysing the effectiveness of the SMS was built, which requires significant involvement of the company’s management. Systemic information security management produces the best results, as it involves treating as a whole all processes taking place in the organisation and is consistent with them. A way to measure the degree of information security was defined using indicator analysis and the application of key performance indicators (KPIs). The metrics addressed key areas such as malware protection, quality of passwords and authentication, updating systems and applications, data handling and training. The implementation of a set of indicators makes it possible to diagnose the security system currently in place and identify critical areas for improvement. The model and set of indicators presented in the study can be a helpful tool in maintaining an effective SMS and safeguarding the interests of manufacturing enterprises and their stakeholders.