Cyber Security Metrics Refresh

Cyber Security Metrics Refresh

BP Global - Digital Security

« Back to projects

Solutions Summary

  • IT Strategy development review and validation
  • Strategic assurance benchmarking and decision support
  • Performance management frameworks Balanced Scorecards dashboards and reporting
  • Business case development and validation
  • Risk Optimisation
  • Risk Optimisation
  • Risk Governance
  • Continuous Improvement
  • Establishing accountability and oversight
  • Capability and skills planning

The Challenge

After the appointment of a new Group CISO and significant investment in their Cyber Security capability, BP were faced with the challenge of assuring the delivery of an aggressive and wide reaching Cyber Security Strategy across a global team.

Ziran were commissioned to review the existing Cyber Security Governance Reporting and to establish a new service. This would provide senior management and the Board with accurate reporting and metrics that would allow them to manage the various cyber security threats and risks that faced the organisation.

Appointed to the Strategy and Operational Excellence team, we undertook a comprehensive review of the reporting framework and associated metrics for assuring the delivery of BP's Cyber Security Strategy.

Our Contribution

  1. Delivered a new scalable reporting framework and Cyber Security Scorecard to ensure the alignment of performance metrics to the various Security Strategies and supporting policies.
  2. Simplified the production process and reports; improving the quality of information for insight and performance management purposes and enabling greater management accountability.
  3. Implemented a Development and Release Cycle for new metrics and agreed roadmaps for future enhancements.
  4. Established and road-tested appropriate metrics for key Digital Security teams and functions, including the Operations Centre, Risk Assurance, Strategy and Threat Analysis teams and Cyber Security Resilience Programme.
  5. Worked with the Digital Security Operations Centre to understand the relationships between various intelligence and risk metrics. Helped translate this for the leadership team to enable them to identify changes in threat landscape and the effectiveness of BPs response.
  6. Reviewed technology automation options and built the business case for building a central Cyber security data warehouse and reporting platform.
  7. Supported the organisational design for the Governance and Operational Excellence Team by defining the Metrics and Reporting Service Catalogue and staffing requirements


Ziran : the agile IT governance and management consultancy.

Whether you know what you want, or would like simply like to have a chat, we'd love to hear from you!