Security Metrics and KPIs
Security Metrics and KPIs
Track security effectiveness with meaningful metrics:
#!/usr/bin/env python3
# /usr/local/bin/security-metrics-dashboard.py
import json
import datetime
import matplotlib.pyplot as plt
from collections import defaultdict
import numpy as np
class SecurityMetricsDashboard:
def __init__(self):
self.metrics = {
"operational": {
"uptime": {"target": 99.9, "unit": "%"},
"patch_compliance": {"target": 95, "unit": "%"},
"backup_success_rate": {"target": 100, "unit": "%"},
"certificate_validity": {"target": 30, "unit": "days"},
"configuration_drift": {"target": 0, "unit": "changes"}
},
"security": {
"vulnerabilities_open": {"target": 0, "unit": "count"},
"time_to_patch": {"target": 7, "unit": "days"},
"failed_login_attempts": {"target": 100, "unit": "per day"},
"blocked_attacks": {"target": None, "unit": "count"},
"security_incidents": {"target": 0, "unit": "per month"}
},
"compliance": {
"audit_findings": {"target": 0, "unit": "critical"},
"policy_violations": {"target": 0, "unit": "count"},
"training_completion": {"target": 100, "unit": "%"},
"access_reviews": {"target": 100, "unit": "%"},
"documentation_current": {"target": 100, "unit": "%"}
}
}
def collect_metrics(self):
"""Collect current metric values"""
current_metrics = {}
# Operational metrics
current_metrics["uptime"] = self.calculate_uptime()
current_metrics["patch_compliance"] = self.check_patch_compliance()
current_metrics["backup_success_rate"] = self.check_backup_success()
# Security metrics
current_metrics["vulnerabilities_open"] = self.count_open_vulnerabilities()
current_metrics["blocked_attacks"] = self.count_blocked_attacks()
# Compliance metrics
current_metrics["training_completion"] = self.check_training_completion()
return current_metrics
def calculate_uptime(self):
"""Calculate service uptime percentage"""
# In production, integrate with monitoring system
# This is a simplified example
try:
with open("/var/log/uptime.log", "r") as f:
uptime_data = json.load(f)
total_time = uptime_data.get("total_seconds", 86400)
downtime = uptime_data.get("downtime_seconds", 0)
uptime_percent = ((total_time - downtime) / total_time) * 100
return round(uptime_percent, 2)
except:
return 99.9 # Default value
def check_patch_compliance(self):
"""Check percentage of systems with current patches"""
# Check for pending updates
import subprocess
try:
result = subprocess.run(
["apt", "list", "--upgradable"],
capture_output=True,
text=True
)
if "security" in result.stdout:
# Has security updates pending
return 0
else:
return 100
except:
return 95
def generate_dashboard(self):
"""Generate visual dashboard"""
fig, axes = plt.subplots(2, 2, figsize=(15, 10))
fig.suptitle('Security Metrics Dashboard - ' +
datetime.datetime.now().strftime('%Y-%m-%d'),
fontsize=16)
# Collect current metrics
current = self.collect_metrics()
# Operational Metrics
ax1 = axes[0, 0]
operational_metrics = ["uptime", "patch_compliance", "backup_success_rate"]
values = [current.get(m, 0) for m in operational_metrics]
targets = [self.metrics["operational"][m]["target"] for m in operational_metrics]
x = np.arange(len(operational_metrics))
width = 0.35
ax1.bar(x - width/2, values, width, label='Current', color='skyblue')
ax1.bar(x + width/2, targets, width, label='Target', color='lightgreen')
ax1.set_ylabel('Percentage')
ax1.set_title('Operational Metrics')
ax1.set_xticks(x)
ax1.set_xticklabels(operational_metrics, rotation=45)
ax1.legend()
# Security Trends
ax2 = axes[0, 1]
# Generate sample trend data (in production, read from logs)
days = list(range(1, 31))
attacks_blocked = [np.random.poisson(50) for _ in days]
ax2.plot(days, attacks_blocked, 'b-', linewidth=2)
ax2.fill_between(days, attacks_blocked, alpha=0.3)
ax2.set_xlabel('Day of Month')
ax2.set_ylabel('Attacks Blocked')
ax2.set_title('Security Events Trend')
ax2.grid(True, alpha=0.3)
# Compliance Status
ax3 = axes[1, 0]
compliance_labels = ['Training', 'Audits', 'Reviews', 'Documentation']
compliance_values = [95, 100, 88, 92]
colors = ['green' if v >= 90 else 'orange' if v >= 80 else 'red'
for v in compliance_values]
ax3.barh(compliance_labels, compliance_values, color=colors)
ax3.set_xlabel('Completion %')
ax3.set_title('Compliance Status')
ax3.set_xlim(0, 100)
for i, v in enumerate(compliance_values):
ax3.text(v + 1, i, f'{v}%', va='center')
# Risk Matrix
ax4 = axes[1, 1]
risks = [
("Unpatched Systems", 3, 4),
("Weak Passwords", 2, 3),
("Missing Backups", 4, 2),
("Expired Certs", 2, 2),
("No MFA", 3, 3)
]
for risk, impact, likelihood in risks:
ax4.scatter(likelihood, impact, s=200, alpha=0.6)
ax4.annotate(risk, (likelihood, impact), fontsize=8)
ax4.set_xlabel('Likelihood')
ax4.set_ylabel('Impact')
ax4.set_title('Risk Matrix')
ax4.set_xlim(0, 5)
ax4.set_ylim(0, 5)
ax4.grid(True, alpha=0.3)
# Add risk zones
ax4.axhspan(0, 2, 0, 2, alpha=0.1, color='green')
ax4.axhspan(2, 4, 2, 4, alpha=0.1, color='yellow')
ax4.axhspan(4, 5, 4, 5, alpha=0.1, color='red')
plt.tight_layout()
# Save dashboard
dashboard_path = f"/var/security/dashboards/security-dashboard-{datetime.datetime.now().strftime('%Y%m%d')}.png"
plt.savefig(dashboard_path, dpi=300, bbox_inches='tight')
plt.close()
return dashboard_path
def generate_executive_report(self):
"""Generate executive summary"""
current = self.collect_metrics()
report = {
"generated": datetime.datetime.now().isoformat(),
"executive_summary": {
"overall_security_posture": "Strong",
"key_achievements": [
"99.9% uptime maintained",
"Zero critical vulnerabilities",
"All compliance requirements met"
],
"areas_for_improvement": [
"Reduce time to patch from 10 to 7 days",
"Increase security training completion to 100%",
"Implement additional monitoring tools"
],
"recommendations": [
"Invest in automated security testing",
"Expand security team by 2 members",
"Upgrade to next-generation firewall"
]
},
"metrics_summary": current,
"risk_assessment": {
"high_risks": 0,
"medium_risks": 3,
"low_risks": 5,
"trend": "improving"
}
}
return report
if __name__ == "__main__":
dashboard = SecurityMetricsDashboard()
# Generate visual dashboard
dashboard_path = dashboard.generate_dashboard()
print(f"Dashboard saved to: {dashboard_path}")
# Generate executive report
report = dashboard.generate_executive_report()
with open("/var/security/reports/executive-report.json", "w") as f:
json.dump(report, f, indent=2)
print("Executive report generated")