Key Risk Indicator (KRI)
Definition
A metric that measures the level or trend of a specific risk exposure. KRIs are often leading indicators: they change before a risk event occurs, giving management time to act. Example: number of critical vulnerabilities unpatched beyond 30 days.
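As an added illustration, not part of the glossary entry itself, the following Python computes the example KRI above (critical vulnerabilities unpatched beyond 30 days) from constructed vulnerability records and reports both its level and its trend against the previous period; the record fields, the threshold and the 30-day reporting period are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

STALE_DAYS = 30  # the 30-day window used in the KRI definition above


@dataclass
class Finding:
    """Constructed record shape; real scanners expose different field names."""
    vuln_id: str
    severity: str                  # e.g. "critical", "high"
    discovered: date
    patched: Optional[date] = None  # None means still open


def count_stale_critical(findings, as_of: date, stale_days: int = STALE_DAYS) -> int:
    """KRI value as of a given date: critical findings discovered more than
    stale_days before as_of that were not yet patched on that date."""
    cutoff = as_of - timedelta(days=stale_days)
    return sum(
        1 for f in findings
        if f.severity == "critical"
        and f.discovered < cutoff
        and (f.patched is None or f.patched > as_of)  # still open on as_of
    )


def kri_status(current: int, previous: int, threshold: int) -> str:
    """Level breaches the threshold -> red; rising trend (leading signal) -> amber."""
    if current >= threshold:
        return "red"
    if current > previous:
        return "amber"
    return "green"


def kri_report(findings, as_of: date, threshold: int, period_days: int = 30) -> dict:
    """Current value, the value one reporting period earlier, and the combined status."""
    current = count_stale_critical(findings, as_of)
    previous = count_stale_critical(findings, as_of - timedelta(days=period_days))
    return {"as_of": as_of.isoformat(), "current": current,
            "previous": previous, "status": kri_status(current, previous, threshold)}


# Constructed sample data: two stale criticals as of 2024-03-01, one a month earlier
SAMPLE = [
    Finding("V-001", "critical", date(2024, 1, 10)),                    # open, stale
    Finding("V-002", "critical", date(2024, 2, 20)),                    # open, not yet 30 days
    Finding("V-003", "critical", date(2024, 1, 5), patched=date(2024, 2, 1)),  # fixed in time
    Finding("V-004", "high", date(2024, 1, 2)),                         # not critical
    Finding("V-005", "critical", date(2023, 12, 15)),                   # open, stale
]

if __name__ == "__main__":
    print(kri_report(SAMPLE, date(2024, 3, 1), threshold=3))
```

The rising count (1 to 2) flags amber before the threshold is reached, which is the leading-indicator behaviour the definition describes.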
Related terms
- Compliance dashboard: An automated reporting surface that aggregates metric and control-status data and presents it in a format aligned to one or more regulatory...
- Continuous monitoring: An automated control framework that applies fraud indicator tests to transactions as they are processed or on a frequent scheduled basis, generating...
- Control effectiveness: The degree to which a security control achieves its intended objective under real operating conditions. Measured through a combination of design review...
- Key Performance Indicator (KPI): A metric that measures how well a specific control or process is performing against a defined target. KPIs are often lagging indicators:...
- SIEM (Security Information and Event Management): A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
Explained in
- Security Metrics and Continuous Monitoring