LET'S TALK!

CHICAGO Metrics® is a program to help you to have a better conversation with business leadership in terms that they understand. Translate between executives and technicians with a solid metrics program that takes any number of tactical metrics and aggregates them into the six business aligned Key Performance/Risk Indicators: Confidentiality, Human Resources, Integrity, Character, Availability, and GOld. Use LEAN IT Tools to tell a better story to technicians and your end-users.  Use a fill-in-the-blank policy set to manage your program and meet the needs of your auditors.  Complete the cycle by leveraging strategic planning tools to show executives you have a plan.

​Next time your executive team or Board asks you, "How secure are we?", give them your CHICAGO Score™!
Next time they ask you, "How is IT helping us?", give them your CHICAGO Score™ and show how IT is enabling the business!

CHICAGO Metrics® Productivity Packages includes one-year of full access to the CHICAGO Metrics® Program:

• CHICAGO Metrics® Tracking Tool
• CHICAGO Score™ Dashboards
• CHICAGO Maturity Model
• A3 Reporting Template
• Quantitative Loss Exceedance Curves
• Risk Register
• Risk Score using Likelihood and Impact Mapping Tool
• Effort Score using Time and Cost Mapping Tool
• ROI Calculator
• Magic Quadrant Visual Display Chart
• Threat Heat Map Tool
• Vendor Risk Assessment Platform
• NIST CSF Assessment Tool

CHICAGO Metrics® has a library of policies, procedures, standards, and guidelines to operate your IT organization.  Executive Membership includes documents with alignment to:

• NIST 800-53r4 (all levels) - Sample
• HIPAA - Sample
• PCI DSS 3.2 - Sample​

​
We also are providing these tools, as part of an Executive Membership, to establish good processes for good people to follow to implement solid technology.  

• LEAN IT Tools
• 3 Year Plan/Strategy Building Tools

About our Platform

CHICAGO Metrics® Tracking

• Aggregates tactical metrics into 6 key CHICAGO business/risk indicators. 
• Risk prioritization through Risk and Effort indicators.
• Organize by business units and teams.

Reporting Dashboard

• Top 5 risks displayed on the top rank from highest to lowest risk and reverse ranked lowest to highest effort.
• Current CHICAGO Score™ and Risk Rating, CHICAGO Maturity Model Level, Scores for each CHICAGO KRI.
• Risk and Effort run chart.
• CHICAGO Score™ run chart with overall score and scores for each KRI.

Quantitative Reporting

• Estimate your risk quantitatively with our Loss Exceedance Curve platform.
• Run several simulations using a Monte Carlo approach
• Show whether your risk tolerances are inline with the risks present in your environment.

Member Results

Vendor Results

Vendor Risk Assessment Platform

• Compare your risk posture to your vendor's program, side-by-side.
• 45 questions, total.
• Automatic scoring.
• Powered by the same CHICAGO Metrics® engine.

ROI Calculator

• Calculate the NPV and Payback Period for a proposed tool or service by by capturing the value of reducing risk.
  
• The calculator takes into account the industry served and company size to determine incident/breach likelihood.
  
• The industry and company size is also used to determine costs in the event of record losses.

Magic Quadrant Visual Display Chart

The Magic Quadrant Display chart is a tool to show your leadership how well your tools (technology) are working and what it will take to improve their performance.  Perhaps that is increased staff or something as simple as training.

Book a 15-min Call today

---

Member Feedback and Results

---

Following an Executive Report Out:

• First thing they wanted was the “single risk score”, so the bottom-line maturity metric appeals to them.
• Second point they really liked is the next-layer drill down to the 6 core component metrics, to begin to see where gaps are but still at a high level.
• Third thing they really liked (which I pointed out because I knew they would!) is the H metric … they are always concerned with the human morale and productivity impact of what security does.

​Post Feature Release:

• The dashboard filtering, it is helpful as I continue to construct my first “Baseline canonical measures set” … I am using earlier month dates as my playground, and now can see the effects of different approaches.

---

Who: $1.6B academic medical center
What: Their CISO needed to show progress for the investments they were making. Instead of building a program they brought on CHICAGO Metrics®.
Results: One day after deployment they had a picture of the state of the information security program. They then ranked their risks from High to Low and then reversed ranked the effort for each risk from low to high giving them the priorities for the next 12-18 months.

---

Who: $4.7B global manufacturer  
What: Their CISO was told by the Board they needed to produce metrics by next quarters Board meeting.
How: Instead of building a program, they brought on CHICAGO Metrics®.
Results: The CISO was able to produce a set of metrics that aggregates the results into KRIs that tie directly to the business. The CISO remained in place for over 5 years.

---

Who: $65MM non-profit healthcare company  
What: They were looking for a way to better explain what IT was delivering for the business besides basic technology services and manage their information security risks.
How: Brought on CHICAGO Metrics® and had a reportable baseline the first week.
Results: The IT department, based on internal NPS survey, is a best in breed shop. Their executive team understands what they are doing and providing value to the organization.

I Want These Results!

Why IT and InfoSec Leaders Choose CHICAGO Metrics​®

1. We are a leading metrics and reporting platform. The CHICAGO Metrics® engine drives the GMIS Accreditation Program®.
2. We take a hands on approach with our on-boarding, to help you:
   1. Setup your metrics
   2. Align the CHICAGO KRIs to your business
   3. Craft your message
3. Get the seat at the table and the resources needed to meet the business's risk profile.