Program KPIs
Executive Metrics Dashboard
Proposed cybersecurity program metrics for board and cabinet reporting. Values reflect the documented institutional baseline and strategy targets, not live production dashboards.
SFC Attend remains in beta and is pending IT approval. No operational metrics from that platform are included here. FERPA and audit KPIs will incorporate SFC Attend logging only after formal deployment and governance sign-off.
MFA Coverage
Current: 60%
Target: 100%
Owner: IT Director
Improving
Microsoft Entra ID dashboard (institutional baseline)
Phishing Click-Through Rate
Current: ~25%
Target: < 5%
Owner: CISO
Baseline TBD
Baseline estimate; KnowBe4 post-deployment
Vendor Risk Assessments
Current: 0 / 15+
Target: 100%
Owner: CISO / Legal
Stable
Vendor risk register (program not yet established)
Mean Time to Detect
Current: Unknown
Target: < 4 hrs
Owner: IT Director
Baseline TBD
Target once SIEM and IRP are operational
FERPA Audit Logging
Current: Informal
Target: 100%
Owner: CISO / Registrar
Stable
Banner ERP baseline; SFC Attend post-approval
Program Trajectory
Illustrative projected trajectory for strategy planning. Not sourced from production or beta application telemetry.
Success Framework
6 Months
- MFA at 100% across Entra ID
- Documented IR playbook and first tabletop exercise completed
- Phishing baseline established; click-through rate measured
- Tier-1 vendor inventory complete
18 Months
- Phishing click-through below 10%
- PAM deployed for administrative accounts
- 100% Tier-1 vendors assessed with SOC 2 on file
Review: CISO, reporting to President's cabinet