Get Tability: OKRs that don't suck | Learn more →

10 OKR examples for It Security

Turn your spreadsheets into OKR dashboards with Tability

Tability is a cheatcode for goal-driven teams. Set perfect OKRs with AI, stay focused on the work that matters.

What are It Security OKRs?

The OKR acronym stands for Objectives and Key Results. It's a goal-setting framework that was introduced at Intel by Andy Grove in the 70s, and it became popular after John Doerr introduced it to Google in the 90s. OKRs helps teams has a shared language to set ambitious goals and track progress towards them.

Formulating strong OKRs can be a complex endeavor, particularly for first-timers. Prioritizing outcomes over projects is crucial when developing your plans.

We've tailored a list of OKRs examples for It Security to help you. You can look at any of the templates below to get some inspiration for your own goals.

If you want to learn more about the framework, you can read our OKR guide online.

The best tools for writing perfect It Security OKRs

Here are 2 tools that can help you draft your OKRs in no time.

Tability AI: to generate OKRs based on a prompt

Tability AI allows you to describe your goals in a prompt, and generate a fully editable OKR template in seconds.

Watch the video below to see it in action 👇

Tability Feedback: to improve existing OKRs

You can use Tability's AI feedback to improve your OKRs if you already have existing goals.

AI feedback for OKRs in Tability

Tability will scan your OKRs and offer different suggestions to improve them. This can range from a small rewrite of a statement to make it clearer to a complete rewrite of the entire OKR.

It Security OKRs examples

You'll find below a list of Objectives and Key Results templates for It Security. We also included strategic projects for each template to make it easier to understand the difference between key results and projects.

Hope you'll find this helpful!

OKRs to fully integrate Abnormal Security tool in SecOps ecosystem with IT partnership

  • ObjectiveFully integrate Abnormal Security tool in SecOps ecosystem with IT partnership
  • KREliminate 75% of detected security threats using the Abnormal Security tool by term end
  • TaskUse Abnormal Security tool to neutralize threats
  • TaskIdentify and analyze detected security threats
  • TaskComplete training on Abnormal Security tool
  • KRAchieve 90% Abnormal Security tool deployment across all IT infrastructure within quarter
  • TaskIdentify systems not yet using the Abnormal Security tool
  • TaskDevelop a staggered implementation schedule for all remaining infrastructure
  • TaskMonitor and report on deployment progress weekly
  • KRConduct 3 collaborative training sessions to foster seamless use and understanding among SecOps team
  • TaskPrepare training materials and exercises
  • TaskSchedule 3 collaborative training sessions
  • TaskDetermine training topics relevant to SecOps team

OKRs to upgrade and streamline physical security operations

  • ObjectiveUpgrade and streamline physical security operations
  • KRIncrease security coverage by 20% through additional surveillance systems
  • TaskInvestigate current surveillance system capabilities and limitations
  • TaskImplement new surveillance systems accordingly
  • TaskResearch and identify potential additional surveillance technology
  • KRDecrease response times to security incidents by 25%
  • KRImplement a digital security management system with 100% staff training completion
  • TaskTrack and achieve 100% training completion
  • TaskChoose a comprehensive digital security management system
  • TaskDevelop an all-staff training curriculum for the system

OKRs to enhance the organization's information technology efficiency and security

  • ObjectiveEnhance the organization's information technology efficiency and security
  • KRIncrease IT systems uptime to 99.9% across all operations
  • TaskIntroduce proactive system performance monitoring
  • TaskRegularly update and patch all software systems
  • TaskImplement robust and diverse backup servers for essential systems
  • KRImplement multi-factor authentication for 90% of users to enhance security
  • TaskGuide users through the multi-factor adoption process
  • TaskChoose a suitable multi-factor authentication system
  • TaskIdentify and classify users based on access levels and security requirements
  • KRDecrease system-related user complaints by 30% through proactive IT support improvements
  • TaskEnhance technical troubleshooting protocols
  • TaskImplement continuous monitoring for system performance
  • TaskDevelop comprehensive IT support training programs

OKRs to implement and maintain SOCII compliance measures

  • ObjectiveEnsure ongoing SOCII compliance
  • KRConduct regular testing and auditing to assess SOCII compliance status
  • KRTrain and educate all relevant teams on SOCII compliance regulations and best practices
  • KRMonitor and promptly address any SOCII compliance gaps or violations identified
  • TaskEstablish a dedicated team to promptly address and resolve any identified SOCII compliance issues
  • TaskImplement corrective measures to address identified SOCII compliance gaps promptly
  • TaskConduct regular audits to identify any SOCII compliance gaps or violations
  • TaskMaintain a vigilant monitoring system to detect any new SOCII compliance violations
  • KRImplement and maintain necessary controls and processes to meet SOCII requirements
  • TaskConduct initial assessment of current controls and processes to identify gaps
  • TaskDevelop and document new controls and processes to fulfill SOCII requirements
  • TaskRegularly monitor and evaluate controls and processes to ensure ongoing compliance
  • TaskTrain and educate employees on the importance and execution of SOCII controls

OKRs to strengthen the company's network security defenses

  • ObjectiveStrengthen the company's network security defenses
  • KRTrain 90% of employees on new network security protocols within the next quarter
  • TaskAssess current understanding of network security protocols among employees
  • TaskImplement training, ensuring participation of at least 90% of employees
  • TaskDevelop comprehensive training program on new security protocols
  • KRImplement two-factor authentication for all user accounts by the end of next quarter
  • TaskPurchase and set up chosen authentication system
  • TaskTrain users on new authentication system
  • TaskResearch best two-factor authentication systems for our needs
  • KRReduce the number of detected security breaches by 80% compared to last quarter
  • TaskImplement an updated, top-quality cybersecurity system
  • TaskProvide comprehensive cybersecurity training for all staff
  • TaskConduct regular, intensive IT security audits

OKRs to enhance physical security capabilities for premise protection

  • ObjectiveEnhance physical security capabilities for premise protection
  • KRTrain 90% of security personnel on new security equipment usage
  • TaskIdentify and list all security personnel requiring training
  • TaskTrack and record training participation and completion
  • TaskSchedule training sessions on new equipment
  • KRImplement surveillance system covering 100% of the premise area
  • TaskTest system thoroughly and adjust as necessary
  • TaskIdentify blind spots and areas requiring camera installation
  • TaskPurchase and install necessary surveillance equipment
  • KRAchieve zero security breaches in the test run of new measures
  • TaskConduct frequent security audits and vulnerability assessments
  • TaskImplement strict access controls and authentication protocols
  • TaskRegularly update and patch all security software and systems

OKRs to enhance the bank's IT security infrastructure

  • ObjectiveEnhance the bank's IT security infrastructure
  • KRImplement multi-factor authentication for 90% of bank's systems
  • TaskTrain IT staff on authentication tech installation and integration
  • TaskIdentify all systems currently lacking multi-factor authentication
  • TaskPurchase needed hardware/software for multi-factor authentication implementation
  • KRConduct cybersecurity training for 100% of IT staff
  • TaskMonitor and record staff training completion rates
  • TaskSchedule training sessions for all IT staff
  • TaskIdentify and engage a reputable cybersecurity training provider
  • KRReduce system vulnerability by 30% with penetration testing and patching
  • TaskPromptly patch identified system vulnerabilities
  • TaskAnalyze results to identify areas of weakness
  • TaskSchedule regular penetration testing for system vulnerabilities

OKRs to seamless integration and deployment of Productiv SaaS application

  • ObjectiveSeamless integration and deployment of Productiv SaaS application
  • KRIdentify and reduce shadow IT instances by 25% using the Productiv app
  • TaskAssemble team to identify current shadow IT instances
  • TaskEstablish plan to reduce shadow IT by 25%
  • TaskUtilize Productiv app for IT management analysis
  • KRValidate Productiv SaaS's compatibility with our systems by the end of week 1
  • TaskExecute a small-scale compatibility test using Productiv SaaS
  • TaskIdentify our system's requirements and Productiv SaaS's specifications
  • TaskAnalyze test results and articulate findings
  • KRSuccessfully train 90% of the IT team on managing the Productiv SaaS application
  • TaskIdentify key features in the Productiv SaaS application for training focus
  • TaskDevelop comprehensive training program for IT team members
  • TaskMonitor and evaluate training progress and effectiveness

OKRs to maintain up-to-date security patches on our infrastructure

  • ObjectiveMaintain up-to-date security patches on our infrastructure
  • KRAssess and catalog current state of security patches within two weeks
  • TaskCreate a comprehensive catalog of findings
  • TaskIdentify all systems and software requiring security updates
  • TaskVerify and document the existing security patches
  • KRImplement 100% of identified necessary security updates by quarter's end
  • TaskDevelop and execute a schedule for updates
  • TaskComplete and verify each security update
  • TaskIdentify all required security updates
  • KRDevelop and initiate routine weekly checks to confirm security patch updates
  • TaskEstablish routine checks for these updates
  • TaskIdentify necessary security patches weekly
  • TaskImplement and confirm successful patch updates

OKRs to improve Identity Access Management for large scale clients

  • ObjectiveImprove Identity Access Management for large scale clients
  • KRReduce access credential errors by 20%
  • TaskIntroduce regular password update reminders for employees
  • TaskImplement a comprehensive access credential training program
  • TaskUpgrade access security software to reduce login errors
  • KRImplement two-factor authentication for 90% of big customers
  • TaskDeploy system to selected clients
  • TaskDevelop and test two-factor authentication system
  • TaskIdentify 90% of biggest clients requiring two-factor authentication
  • KRIncrease security incident response speed by 30%
  • TaskTrain staff in faster threat identification procedures
  • TaskImplement automated threat detection and response tools
  • TaskStreamline incident reporting and escalation processes

It Security OKR best practices

Generally speaking, your objectives should be ambitious yet achievable, and your key results should be measurable and time-bound (using the SMART framework can be helpful). It is also recommended to list strategic initiatives under your key results, as it'll help you avoid the common mistake of listing projects in your KRs.

Here are a couple of best practices extracted from our OKR implementation guide 👇

Tip #1: Limit the number of key results

Having too many OKRs is the #1 mistake that teams make when adopting the framework. The problem with tracking too many competing goals is that it will be hard for your team to know what really matters.

We recommend having 3-4 objectives, and 3-4 key results per objective. A platform like Tability can run audits on your data to help you identify the plans that have too many goals.

Tip #2: Commit to weekly OKR check-ins

Setting good goals can be challenging, but without regular check-ins, your team will struggle to make progress. We recommend that you track your OKRs weekly to get the full benefits from the framework.

Being able to see trends for your key results will also keep yourself honest.

Tip #3: No more than 2 yellow statuses in a row

Yes, this is another tip for goal-tracking instead of goal-setting (but you'll get plenty of OKR examples above). But, once you have your goals defined, it will be your ability to keep the right sense of urgency that will make the difference.

As a rule of thumb, it's best to avoid having more than 2 yellow/at risk statuses in a row.

Make a call on the 3rd update. You should be either back on track, or off track. This sounds harsh but it's the best way to signal risks early enough to fix things.

Save hours with automated OKR dashboards

AI feedback for OKRs in Tability

Your quarterly OKRs should be tracked weekly if you want to get all the benefits of the OKRs framework. Reviewing progress periodically has several advantages:

Most teams should start with a spreadsheet if they're using OKRs for the first time. Then, you can move to Tability to save time with automated OKR dashboards, data connectors, and actionable insights.

How to get Tability dashboards:

That's it! Tability will instantly get access to 10+ dashboards to monitor progress, visualise trends, and identify risks early.

More It Security OKR templates

We have more templates to help you draft your team goals and OKRs.

Table of contents