Knowledge Corner - Measures & Metrics :: SEC: Strategic Security Advisory Services for CSOs

Security Barometer

Are Security Policies more prevalent than Security Guidelines?

Top Downloads

A Risk Quantification Process

Corporate Security Metrics - Key Performance Indicators

Influential Strategies for Corporate Security Series: II

Managing and Defending a Security Budget: Laying a Foundation

The Essentials of a Physical Security Systems Risk Assessment

The Knowledge Corner offers many resources to help you manage risk. Explore the topics offered in the navigation bar or if you can't find what you're looking for, use Find it For Me!™

The icons shown adjacent to the titles of these resources provide information about sources.

= Tools, solutions, research and publications created by Security Executive Council
= Materials created by Security Executive Council strategic alliance partners
= Other material reviewed and deemed relevant to security and risk management executives by the Security Executive Council

Tools
	Performance Dashboard Tool Created By: The Security Executive Council This tool was developed to apprise the enterprise of Security's efforts and value in a way that resonates with the Board and/or senior management. It can also be used as a tool to gather feedback from management on how they perceive Security's performance. Program data is fed into "dashboard dial" indicators of success based on enterprise risk concerns that can be used in presentations. The zip file contains versions of the performance dashboard for both Excel 2003 and Excel 2007. Click here to view a short video describing this resource in more detail.	Resource is for Tier One Leaders only

Research & Benchmarks
	14 Effective Solutions for Creating Successful Security Programs Created By: Security Executive Council This paper highlights brief case studies that depict solutions using Security Executive Council tools and processes. These are based on what the SEC has gleaned in the last 10 years working with security practitioners. At the end of the document don't miss 10 Tips You Can Learn from our Experience with Successful Programs.

	A Preview of Measuring & Communicating Security’s Value, A Compendium of Metrics for Enterprise Protection Created By: George Campbell, Security Executive Council Emeritus Faculty This preview of Measuring & Communicating Security’s Value, A Compendium of Metrics for Enterprise Protection covers such topics as risk reporting to influence corporate policy and behavior, using metrics in partnership with core business strategy and process, and building metrics for impact and results.

	Case Study: Risk Management and Security Metrics at Boeing Created By: Greg Niehaus, Security Executive Council Board of Visionary Leaders; Professor of Insurance and Finance, University of South Carolina Here is an opportunity to get the inside story on building a superior metrics program for a world class enterprise security program. This first ever business case study focusing on security risk is being used at South Carolina's Darla Moore School of Business to introduce students to the security metrics program that is used by Boeing to improve decision making. It also provides insight into their workplace violence program.

	Corporate Governance and Compliance Hotline Benchmark Report I Created By: Security Executive Council How "healthy" is your organization? Receive your complimentary copy of the first Corporate Governance and Compliance Hotline Benchmarking Report. This groundbreaking report examines organizational hotline activity across all major industries. Click here to view a short video describing this resource in more detail.	REGISTRATION REQUIRED

	Corporate Governance and Compliance Hotline Benchmark Report II Created By: Security Executive Council The Security Executive Council announces its second report on corporate hotline data, providing executives a benchmark against which to assess their own governance and compliance hotlines. This year's report includes data on more hotline reports and is organized to make it easier for you to compare your organization's hotline program with like businesses. This second Corporate Governance and Hotline Benchmark Report will benefit all executives who deal in compliance or corporate ethics, so please download it and pass it on to your colleagues. Click here to view a short video describing this resource in more detail.	REGISTRATION REQUIRED

	Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark Created By: The Security Leadership Research Institute The Security Leadership Research Institute (SLRI) has published ground breaking results of their Corporate Security Organizational Structure, Cost of Services and Staffing survey. The full report covers such metrics as security budgets, staffing, program drivers, governance and oversight. This executive summary provides a glimpse into some of what is contained in the full report. If you participate in the SLRI surveys you can receive the next edition of the full report. For more information about SLRI click here TIER 1 LEADERS: Log-in to obtain your copy. OTHER VISITORS: Click the title to order this SEC resource.	Resource is for Tier One Leaders only

	Driving Excellence in Enterprise Security Created By: George Campbell, Security Executive Council Emeritus Faculty This paper provides a starting place for security leaders who are interested in operational excellence or are considering applying it within their programs. It includes: Range of approaches gathered from discussions with a number of Tier 1 Leaders™; insight into how to achieve a critical baseline assessment of security’s value; potential measures of excellence in security programs; and a template to help investigate and identify initial targets for application of operational excellence.

	Enterprise Security Metrics: A Snapshot Assessment of Practices Created By: George Campbell, Security Executive Council Emeritus Faculty This report provides a snapshot assessment on the current use of metrics in corporate security management. This report is limited to the state of security metrics exclusive of information security metrics. While our collective knowledge experiences do include InfoSec - that area of metrics development agenda is more than effectively documented in any number of excellent books and industry sources. This report specifically summarizes our earned experience from corporate security measures and metrics initiatives. Tier 1 Leaders™: Log-in to instantly receive your copy.	2MB

	Finding Value in Security Benchmarking - The Current State of Comparison Research in the Security Industry Created By: George Campbell, Security Executive Council Emeritus Faculty; and Kathleen Kotwica, EVP and Chief Knowledge Strategist, Security Executive Council This executive summary by metrics guru George Campbell and contributing editor Kathleen Kotwica, examines current security management benchmarking practices with the goal of identifying opportunities that maximize the value of collaborative initiatives for the sponsoring organization and its participating partners.

	Operational Excellence in Contract Security Performance Measurement Created By: George Campbell, Security Executive Council Emeritus Faculty George Campbell, an expert in operational security metrics has just completed a report on applying an operational excellence methodology to contract security services. This report contains real-life experience-proven examples of value enforcing KPIs to apply to contract security SLAs. If you have any interest in getting optimal value out of contract security services this is the one report you cannot ignore.

	Persuading Senior Management with Effective, Evaluated Security Metrics Created By: Security Executive Council ASIS just published their well funded survey of available literature on measures and metrics. The most often referenced original material in the report came from the Security Executive Council (SEC). The ASIS publication makes clear to those in the know that the SEC has been leading the industry in research on corporate security measures and metrics for the last ten years.

	Security Measures and Metrics Created By: Security Executive Council Are you trying to benchmark any of these programs? Background screening, Guard force, Investigations, IT security, Physical security, Workplace violence, Other security programs… Are you often asked to calculate the cost of security? Get access to this information by joining the Security Leadership Research Institute. It is free to join; all it takes is a small amount of your time.

	Security Performance Measures and Metrics Created By: Security Executive Council A total of 156 survey participants, including Security Executive Council (SEC) Tier 1 Leaders, answered questions about performance measures security practitioners are using in this benchmark.	Resource is for Tier One Leaders only

	Security's Most Meaningful Metric Created By: Security Executive Council These are the results of a security barometer quick poll the Security Executive Council conducted asking what would be the single most meaningful metric for the security function.

	What Benchmark Data Do You Want? Created By: Security Executive Council A recent Security Barometer polled a large number of security practitioners to gather a list of benchmarking metrics they desired. It also investigated the top reasons why people want to benchmark their programs and services.

Presentation Materials
	Building a Security Measures and Metrics Program, 1st Edition Created By: George Campbell, Security Executive Council Emeritus Faculty Building a Security Measures and Metrics Program discusses the need for and benefits of a corporate security measures and metrics program. This 40-minute video presentation of narrated slides makes the case for a security metrics program: metrics provide invaluable insight on program effectiveness, the means to influence business strategy and policy, and the ability to demonstrate the value of security services to business leaders. TIER 1 LEADERS: Proven Practice presentations were created to be guidelines or training tools. This version is an Adobe file but you may contact us at contact@secleader.com for an online version with audio included from the subject matter expert.	Resource is for Tier One Leaders only

	Companion to Measures and Metrics in Corporate Security, Series1 Created By: George Campbell, Security Executive Council Emeritus Faculty The companions to the book Measures and Metrics in Corporate Security are two series of presentation templates designed to save you time and provide you guidance as you prepare to present metrics information to senior management. The comments provided with every template are messages that the Security Executive Council’s emeritus faculty recommend communicating to executive management during the presentation. A Tier 1 Leader item available for purchase. Visit our store. Click here to view a short video describing this resource in more detail.	Resource is for Tier One Leaders only

	Companion to Measures and Metrics in Corporate Security, Series2 Created By: George Campbell, Security Executive Council Emeritus Faculty The companions to the book Measures and Metrics in Corporate Security are two series of presentation templates designed to save you time and provide you guidance as you prepare to present metrics information to senior management. The comments provided with every template are messages that the Security Executive Council’s emeritus faculty recommend communicating to executive management during the presentation. A Tier 1 Leader item available for purchase. Visit our store. Click here to view a short video describing this resource in more detail.	Resource is for Tier One Leaders only

	Corporate Security Metrics - Key Performance Indicators Created By: Security Executive Council When seeking key performance indicators, you should consider their ability to influence management. Paraphrasing George Campbell, good security metrics become part of our marketing and communications strategy. Here is some guidance for getting started in selecting key performance indicators.

	Security Metrics Presentations Created By: Security Executive Council Use these customizable presentation slides to communicate as managers and advisors on risk. All of our presentation materials have been field tested by experts and were found to resonate with senior management. A Tier 1 Leader item available for purchase. Visit our store.

	Using Benchmarking Information to Enhance and Improve Your Hotline Program (Presentation) Created By: Security Executive Council & The Network A webinar provided by The Network,Inc. and Kathleen Kotwica discussing how to use the information in the 2006 Corporate Governance and Compliance Hotline Benchmarking Report to enhance and improve your hotline program.	Resource is for Tier One Leaders only

Books/Guidelines/Manuals
	A Guide for Building Your Corporate Security Metrics Program Created By: George Campbell, Security Executive Council Emeritus Faculty George Campbell, former CSO of Fidelity Investments, shares some of his experience and expertise in this short primer for security managers. This short guide will set forth a set of steps that security managers should use in building a basic metric program.

	A Preview of Measuring & Communicating Security’s Value, A Compendium of Metrics for Enterprise Protection Created By: George Campbell, Emeritus Faculty This book picks up from where "Measures and Metrics in Corporate Security: Communicating Business Value" left off. It builds on what you learned with real world, practical examples that may be considered, applied and tested across the full scope of the enterprise security mission.

	Measures and Metrics in Corporate Security Created By: George Campbell, Security Executive Council Emeritus Faculty The revised second edition of Measures and Metrics in Corporate Security is an indispensable guide to creating and managing a security metrics program. This book shows how to improve security’s bottom line and add value to the business. It provides a variety of organizational measurements, concepts, metrics, indicators and other criteria that may be employed to structure measures and metrics program models appropriate to the reader’s specific operations and corporate sensitivities. TIER 1 LEADERS: Log-in to obtain your copy. OTHER VISITORS: Click the title to order this SEC resource.	Resource is for Tier One Leaders only

	Measuring and Communicating Security's Value Created By: George Campbell, Security Executive Council Emeritus Faculty A Compendium of Metrics for Enterprise Protection. This book picks up from where "Measures and Metrics in Corporate Security: Communicating Business Value" left off. It builds on what you learned with real world, practical examples that may be considered, applied and tested across the full scope of the enterprise security mission. TIER 1 LEADERS: Log-in to obtain your copy. OTHER VISITORS: Click the title to order this SEC resource.	Resource is for Tier One Leaders only

Articles
	2011 Annual Report for the Security Executive Council Created By: Security Executive Council This year's report covers activities, initiatives and resources in a three page condensed document. The information may be used to learn the kinds of support the SEC can offer you as well as a glimpse into what its members are tackling.	745KB

	A Security Metrics Story: Turning Data into Metrics Created By: George Campbell, Security Executive Council Emeritus Faculty A step-by-step guide on how to build your security metrics program. Demonstrate security’s value through clear alignment with business strategy and objectives.	Resource is for Tier One Leaders only

	Benchmarks Aren’t Magic, They’re Tools Created By: Bob Hayes, Managing Director, Kathleen Kotwica, Security Executive Council Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning.	236KB

	Building a Metrics Program that Matters Created By: Security Executive Council Staff Those of us who read this magazine regularly know about security metrics. We have read about their value and seen monthly examples of useful metrics and what to do with them. But, ladies and gentlemen, we are still missing the proverbial boat. Some of us are running alongside as it pulls from the dock, waving our arms and begging it to slow down so we can figure out where the ramp is. Others are across the street at the ticket booth wondering why there are so many people in line.	449KB

	Defining the Cost of Security Created By: Security Executive Council Staff Security professionals discuss techniques for determining security budgets in a world without benchmarks.	213KB

	Delivering Meaningful Metrics Created By: Marleah Blades, Security Executive Council If security continues to mature as a business function, senior management will likely ask for a set of metrics to measure performance. Security leaders should prepare meaningful metrics that inform management and improve security effectiveness. Marleah Blades reports on insight shared from the Next Generation Security Leader program's exploration of the development and communication of meaningful security metrics.	630KB

	Exploring Our Value Story Created By: George Campbell, Security Executive Council Emeritus Faculty Our value has to be connected to our success in measurably impacting risk. What are the measures, and how are you communicating the critical messages? Sure, every program is delivering some statistics — typically lists of incidents or activities that they sell as “metrics.” But real metrics inform by creating a storyline that implies the need for action. Lists are just the nails you use to build these stories.	359KB

	Global Survey of Workplace Hotline Reports Shows Significant Improvements in Some Key Industries – Data Obtained from 650 Companies Created By: Security Executive Council The Security Executive Council's 2007 Corporate Governance and Compliance Hotline Benchmarking Report provides a key set of benchmark data for corporations in 10 industries.

	How to Influence with Metrics Created By: George Campbell, Security Executive Council Emeritus Faculty How will you use the "must have" metrics - both key risk indicators and value indicators - in your organization. You have the data and the results, now how will you use them to influence your business? Think about the results you are seeking, how the measures and data you are communicating are achieving some improved state of security or safety.	337KB

	How to Use Metrics Created By: George Campbell, Security Executive Council Emeritus Faculty CSOs generate security data every day. Knowing what to look for and how to analyze it can spell success for a security operation and the organization it serves.	81KB

	Measuring the Business Value of Security Created By: Geoff Kohl The Security Executive Council weighs in on why security metrics are important to your job.	328KB

	Metrics For Success: Empower Customers Through Awareness Created By: George Campbell, Emeritus Faculty Security has a unique perspective on risk that comes from gathering, analyzing and understanding threat and risk data. This insight obligates us to make our customers aware of the risks that could affect them, especially when those customers control the most sensitive and essential business processes in our companies.	147KB

	Metrics For Success: Working with Customers for Better Access Control Created By: George Campbell, Security Executive Council Emeritus Faculty If you have been reading this column each month, you know of my passion for testing and reporting on the effectiveness of the safeguards we have installed to protect our people and assets. You will not influence anyone with metrics that just count things, but you will with ones that really measure how well you and your customers are meeting your responsibilities to protect the company.	143KB

	Metrics for Success Created By: George Campbell, Security Executive Council Emeritus Faculty Creating security metrics is so important that nearly all security leaders interviewed by the Security Executive Council (SEC) for a recent survey stated it was a top priority for them.

	Metrics for Success - Are your metrics connected to top management’s agenda? Created By: George Campbell, Emeritus Faculty An interesting article from the January/February issue of Financial Executive magazine was sent to me recently. It was written by Ken Daly, the President and CEO of the National Association of Corporate Directors (NACD), the nation’s largest member-based organization for corporate board directors. Those are the guys who sit in judgment of your CEO’s performance, so what they are thinking should be on our radar.	164KB

	Metrics for Success - Measuring guard force operations Created By: George Campbell, Emeritus Faculty One of the largest line items in most corporate security budgets is expense for what I call ""Security Operations"" and what others may refer to as ""guard force"" costs. I am often amazed at the answers I get when I ask, ""What metrics do you have for these activities?"" Typical answers include hours of training, turnover rates, compliance with state certification, rates of conformance to pre-assignment standards and guard tour checks. A deeper dive may reveal hours on patrol or hours of various post assignments.	159KB

	Metrics for Success - Nuisance alarms are more than a nuisance Created By: George Campbell, Emeritus Faculty The reliability of our programs is an essential ingredient of executive confidence and support. If you are looking for a place to focus your quality assurance, shine it consistently on alarm system reliability and response. Whether they be experienced or uninitiated, customers find frequent invalid alarms unacceptable, and they make your responders distrust the validity of calls. When they occur at off-site facilities dependent on law enforcement response, false alarms often cost the company in fines.	206KB

	Metrics for Success - What is a reportable security violation in your organization? Created By: George Campbell, Emeritus Faculty How serious is the notion of compliance in your company? Is your reputation in the marketplace linked to conformance to an established set of laws, rules or standards? Are there protection mandates in the contracts you have with your customers and key suppliers? What are the implications of inadequate security with regard to your insurance? We are a key player in the governance of these internal controls.	193KB

	Metrics for Success - What's state-of-the-art in security metrics? Created By: George Campbell, Security Executive Council Emeritus Faculty File this in the opinion folder. I have always pinned my metrics hunt to that day very early in my CSO career when the boss asked what kind of metrics we had in the can. As I stumbled for a defensible answer, he said, "I want you to think about what metrics we should follow in our organization and why you think they are important for the senior management team." But the more I dig into this security space, the more I have found that measuring and plotting program performance has been an expectation of every boss I've worked for over these past (gulp!) 50-plus years.	183KB

	Metrics for Success-Create a Measures Map Created By: George Campbell, Security Executive Council Emeritus Faculty We have limited time with senior management, so we need creative ways to influence change, to inform and demonstrate our competence. The “measures map” is a visually engaging method of presenting findings from an incident postmortem.	364KB

	Metrics for Success: Accuracy & Integrity Created By: George Campbell, Emeritus Faculty There is an old saying that there are three types of lies: “lies, damn lies and statistics.” I won’t dwell on the obvious downside of lies or damn lies in our job, but I will underscore that statistics, when calculated hastily or from poorly managed data, are no better than lies. We must have accuracy and integrity in our use of data and statistics, or we will undermine our initiatives, our programs and our own standing with senior management.	181KB

	Metrics for Success: Assess the Probability of Business Loss Created By: George Campbell, Security Executive Council Emeritus Faculty Help management to recognize that the business contains vulnerabilities that may affect customers.	362KB

	Metrics for Success: Be a Learning Organization Created By: George Campbell, Security Executive Council Emeritus Faculty Scrutinizing failures using Root Cause Analysis will likely prevent them from happening again. Root cause analysis (RCA) is an established process in quality management, engineering and risk management.	333KB

	Metrics for Success: Build A Risk Indicator Dashboard Created By: George Campbell, Security Executive Council Emeritus Faculty How to provide a single display of the key information a manager needs to monitor a set of security measures.	322KB

	Metrics for Success: Business Alliances and Security's Due Diligence Created By: George Campbell, Security Executive Council Emeritus Faculty Mergers with or acquisitions of other companies, outsourcing of key business processes to vendors and other strategic alliances may align external organizations with the reputation and well being of your company.	148KB

	Metrics for Success: Create a Business Unit Scorecard Created By: George Campbell, Security Executive Council Emeritus Faculty A scorecard can help assess the security of various business units and effectively communicate our findings and recommendations to business leaders.	333KB

	Metrics for Success: Create a security awareness dashboard Created By: George Campbell, Security Executive Council Emeritus Faculty One of the fundamental obligations we have in corporate security is to understand the potential for “what if” and communicate our knowledge and concerns to 1. those who could be affected; and 2. those who have accountability for protecting the assets of the enterprise.	217KB

	Metrics for Success: Demonstrate Security's Alignment with Business Objectives Created By: George Campbell, Security Executive Council Emeritus Faculty It's important to identify products, services and positive results that the security organization brings to help meet the enterprise’s business goals.	155KB

	Metrics for Success: Demonstrate the Effectiveness of Emergency Response Created By: George Campbell, Security Executive Council Emeritus Faculty Employee and invitee safety is a core mission of corporate security. Unfortunately, both business and local government resources are under budget pressure that could potentially impact emergency response. We need to encourage continued support by keeping management apprised of our high performance and readiness to respond.	352KB

	Metrics for Success: Determine the Exploitability of Selected Security Defects Created By: George Campbell, Security Executive Council Emeritus Faculty You can establish standards for protection at key locations and within routine business operations by measuring and tracking weaknesses in those areas.	169KB

	Metrics for Success: Do Business Units Value Security Recommendations? Created By: Marleah Blades, Security Executive Council Staff Our ability to influence internal customers starts and ends with their perception of the effectiveness and value of security programs. We have to test this perception on a periodic basis, because the results provide opportunities to consider the effectiveness of our programs and alternative approaches to both risk and relationship management.	145KB

	Metrics for Success: Don’t Neglect Key Performance Indicators Created By: George Campbell, Emeritus Faculty Key performance indicators (KPI)can be so much a part of a corporate management business strategy. In corporate security, we may employ KPIs in any of several security program areas.

	Metrics for Success: Gain Support by Illustrating Security's Response Time Created By: George Campbell, Security Executive Council Emeritus Faculty You can present security value by showing that security is able to respond most quickly to emergency calls from within the company, thereby saving lives.	358KB

	Metrics for Success: Good metrics tell a story Created By: George Campbell, Emeritus Faculty I am constantly hunting for metrics examples, and I am intrigued by the variety of ways experienced organizations present data. One vital measure of good data is its ability to inform and drive action in a specified direction.	197KB

	Metrics for Success: How good is your customer connection? Created By: George Campbell, Emeritus Faculty The deeper I dig to find the reasons for the lack of workable, meaningful metrics within security organizations, the more I find myself tripping over both institutional and security-imposed roadblocks. Let’s remember that I am talking about security organizations within companies that live and die on performance indicators. What’s up with this?	199KB

	Metrics for Success: Incident Analysis Identifies Business Practice Risk Created By: George Campbell, Security Executive Council Emeritus Faculty Through incident post mortems, we can identify categories of perpetrators and trends in incident type.	321KB

	Metrics for Success: Increase Influence and Protection through Proactive Risk Assessments Created By: George Campbell, Security Executive Council Emeritus Faculty We security professionals cannot sit back and wait for an incident to happen. We are paid to anticipate risk and engage in preventative activities that will eliminate hazards at best, or at least minimize the impact on business operations and employee safety.	325KB

	Metrics for Success: Investing in Security’s ROI Created By: George Campbell, Security Executive Council Emeritus Faculty We hear a lot about the difficulty of documenting Security’s return on investment. Well, take a look at this example.	316KB

	Metrics for Success: Is Your Security Program Viewed as Effective? Warning Signs of Security's Decreasing Influence Created By: George Campbell, Security Executive Council Faculty This article examines signs that security is losing influence with management decision-makers.

	Metrics for Success: It's Time to Get Security Metrics Savvy Created By: George Campbell, Security Executive Council Emeritus Faculty Security-related metrics are a must. Every business needs to develop and deliver measurable results, including security.	174KB

	Metrics for Success: Leading Indicators Created By: George Campbell, Security Executive Council Emeritus Faculty A leading indicator signals a future event — it measures the current state of the market or the business, as well as the future state, in the form of already planned or projected changes. In our world, leading indicators signal future risk of security-related events. They are measurable factors that change before the risk starts to follow a particular pattern or trend.	373KB

	Metrics for Success: Measure Influence by Tracking Recommendations Created By: George Campbell, Security Executive Council Emeritus Faculty Measure security's influence by tracking the recommendations security makes to other business units and determining what percentage are accepted.	151KB

	Metrics for Success: Measuring Security Awareness Created By: George Campbell, Security Executive Council Emeritus Faculty By testing and affirming employee awareness of security responsibilities, we can make sure no one is uncertain of his or her role in enterprise protection.	146KB

	Metrics for Success: Measuring Security Management Performance Created By: George Campbell, Security Executive Council Emeritus Faculty How satisfied are you that your guard services contract has really effective and measurable quality and performance management requirements around prevention and response to incidents? George Campbell gives insight into operational excellence within your security vendor's on-site team.	328KB

	Metrics for Success: Meeting Contract Standards Created By: George Campbell, Security Executive Council Emeritus Faculty Contracted guard force teams are the Security organization to the average customer today and their competence and quality is both highly critical and evident in their interactions.	319KB

	Metrics for Success: Neglect and Apathy - Your Worst Enemy Created By: George Campbell, Security Executive Council Emeritus Faculty Risks become avoidable when we put effective safeguards in place to counter them. They become inevitable when we fail to do our jobs — that is, when we disable or fail to enable essential security measures. This article takes a look at a large retail chain as one example.	321KB

	Metrics for Success: Security Issues in Leased vs. Owned Property Created By: George Campbell, Security Executive Council Emeritus Faculty A company's leasing arrangements may lack the risk-based due diligence appropriate to a standard of protection enjoyed by owned space.	388KB

	Metrics for Success: Security Operations Controls Center Metrics Created By: George Campbell, Security Executive Council Emeritus Faculty There are few functions performed by a corporate security organization that are more critical than the operation of the security operations control center (SOCC). It is here that customer service, first response and risk management combine to provide the most visible and essential corporate security services.	616KB

	Metrics for Success: Showing the ROI of Contract Security Forces Created By: George Campbell, Emeritus Faculty It is great to get feedback on my metrics columns. Let me share some thoughts on a recent e-mail I received from a thoughtful security manager in Arizona: "I can’t think of a more relevant issue for physical security than a series of metrics regarding contract security costs. The one item we’ve never been able to tie down during benchmarking was the ROI related to contract security. Obviously there are many moving parts to the issue, but when my director asks about value vs. cost regarding contract security, we get back to proving the negative (minimal losses to theft, no intrusions, etc.).”	115KB

	Metrics for Success: The Risks of Outsourcing Information Security Created By: George Campbell, Security Executive Council Emeritus Faculty Outsourcing has become a fundamental business strategy for most major corporations, but they often overlook the risks that accrue due to the loss of effective business controls over sensitive activities.	149KB

	Metrics for Success: The risk-aware organization Created By: George Campbell, Security Executive Council Emeritus Faculty Security practitioners often equate security awareness programs with posters in break rooms, intranet alerts and informative brochures on the risk of the month. While these media serve a useful purpose, Security's risk awareness strategy must be significantly more disciplined and structured than a periodic communication exercise.	185KB

	Metrics for Success: Tracking Leading and Lagging Indicators Created By: George Campbell, Emeritus Faculty Senior management and analysts in the businesses we serve are constantly tracking and evaluating a host of economic and programmatic indicators to provide alerts on changes in market conditions that need to be addressed. A leading indicator signals a future event — it measures the current state of the market or the business, as well as the future state, in the form of already planned or projected changes. A popular analogy is the traffic light: A yellow light is a leading indicator of a red light, because yellow always precedes red.	152KB

	Metrics for Success: What is the Return on Your Company’s Security Investment? Created By: George Campbell, Security Executive Council Faculty Having a solid grasp on the likelihood and financial implications of risk directly feeds your ability to gauge the level of protection you should provide. What’s the tradeoff between the cost of protection and the likely consequence of a variety of security incidents?	152KB

	Metrics for Success: What’s the Endgame? Created By: George Campbell, Security Executive Council Emeritus Faculty In a recent security barometer quick poll conducted by the Security Executive Council (SEC), respondents were asked what they thought would be the single most meaningful metric to have for their security function. The overwhelming selection – almost four to one -- was to achieve a “measurable reduction of targeted risk attributable to security initiatives.”	324KB

	Metrics for Success: Who's Accountable for Metrics? Created By: George Campbell, Security Executive Council Emeritus Faculty Where does accountability lie for the maintenance of a proactive measurements and metrics program?	267KB

	Metrics for success - What is the cost of a bad employee? Created By: George Campbell, Security Executive Council Emeritus Faculty The knowledgeable insider is at the top of the list of threats to any organization - public or private. Part of our job is to make business leaders aware of the seriousness of this threat by using metrics that catch their attention. This month's graph measures one small aspect of reputational risk: the time involved in resolving an insider misconduct case resulting in termination for cause.	194KB

	Metrics for success: Measuring alignment using key risk indicators Created By: George Campbell, Security Executive Council Emeritus Faculty Security's "alignment" with the business objectives we serve seems to have some traction in our communications and literature these days. In my various venues of engagement with colleagues, I get a lot of questions about how we can demonstrate with our metrics that we have a positive connection to the core business strategy and objectives.	236KB

	Metrics for success: Security awareness - A few key indicators Created By: George Campbell, Security Executive Council Emeritus Faculty Security's ability to educate and empower their customers in their risk management responsibilities is a fundamental element of any business protection strategy.	207KB

	Metrics for success:Threat assessment: Measuring likelihood Created By: George Campbell, Emeritus Faculty When you think about security threats to your business, which do you think are likely to manifest? What are the probabilities of a specific type of event occurring at a particular location? How do you convey your concerns to management without sounding like Chicken Little yelling that the sky is falling? It is essential that we keep our eye on “what if.”	231KB

	New report offers benchmarks for security budgets, staffing Created By: Whit Richardson, Security Executive Council Staff The average security budget as a percentage of an organization's total revenue is 0.07 percent, according to a new benchmark report released by the two-year-old Security Leadership Research Institute, the research arm of the Security Executive Council.

	No Size Fits All Created By: Marleah Blades, Security Executive Council Staff Corporate campus security is often considered a no-brainer. Some access control, some cameras, maybe some CPTED and a guard force. Some CSOs delegate it entirely to their directors and managers and focus instead on more complicated business issues. But corporate campus security is not one-size-fits-all. Campus size, location and demographics, as well as business sector, facility type and risk factors of nearby businesses and landmarks, are all integral parts of an effective and appropriate corporate campus security plan. Microsoft, for example, makes its home base on one of the world’s largest corporate campuses. With more than 130 buildings spread over more than 15 million square feet centered around Highway 520 in Redmond, Wash., Microsoft’s headquarters campus looks imposing on paper. In all this openness, Mike Howard, General Manager of Global Security, has carved out a role for security that honors the company’s creative, casual culture while protecting the people and assets that make up one of the most recognized brands in the world. “You may spend a day at Microsoft and not be aware of security guards,” Howard says, “but that doesn’t mean Security hasn’t noticed you."	1MB

	Performance Metrics: Why Businesses Want Them and Security Needs Them Created By: Security Executive Council Staff Performance metrics are “critically important” to business leaders, says Greg Niehaus, Professor of Finance and Insurance for the Moore School of Business, University of South Carolina. “In my view it’s very important for business functions to have metrics that tie back to the objectives of the organization – that measure the impact on value and value creation.” If a function fails to develop and effectively communicate performance metrics, says Niehaus, “their contributions to the organization will likely be not appreciated, which, in down times, could lead to cutting of responsibilities or jobs and hurting the value of the organization.”	213KB

	Security Contract Compliance Auditing Created By: George Campbell, Security Executive Council Emeritus Faculty Contracts with product and service suppliers are an integral part of many corporate security service delivery programs; in fact, many companies spend millions of dollars annually for thousands of hours of service from contract guard vendors. Ensuring the effectiveness of performance terms and related compliance monitoring is a critical management objective that requires knowledgeable and engaged resources, along with the right data for performance measurement.	340KB

	Security Executive Insight: Marking the Yardstick Created By: Kathleen Kotwica and Marleah Blades, Security Executive Council Staff The benefits of benchmarking for security are many, but the process has limitations. The council’s International Security Research Database hopes to address benchmarking weaknesses to make it a more valuable and reliable tool for security professionals.	677KB

	Security Metrics in Context Created By: George Campbell, Security Executive Council Emeritus Faculty An excerpt from George Campbell's Measures and Metrics in Corporate Security.	356KB

	Security Metrics: Measuring Performance Created By: Security Executive Council Staff These articles cover the use of tools such as Key Performance Indicators (KPIs) and balanced scorecards to help you set long-term goals and to evaluate and monitor your progress toward achieving those goals, along with sample charts to generate ideas for KPIs.

	The Total Cost Of Security - Accounting For All Security Expenses Created By: Security Executive Council In 2011, a survey by the Security Executive Council’s Security Leadership Research Institute (SEC-SLRI) found that security costs are often vastly underestimated.

	The Value of Metrics Created By: Security Management George Campbell, Emeritus Faculty Member at the Security Executive Council - a consulting firm specializing in security-risk mitigation - discusses his new book, Measuring and Communicating Security's Value, published by Elsevier.	837KB

Forums
	Faculty Advisor: A Missed Opportunity… Selling Your Program and Yourself at a Moment’s Notice Created By: Kenneth Kasten, Security Executive Council Emeritus Faculty I missed a perfect opportunity the other day to sell my department’s security program and myself. I was in line at the company cafeteria when the new Chief Operating Officer got in line behind me and asked who I was and what I did. Unfortunately, it didn’t go as well as I would have liked and now I’m determined to ensure it doesn’t happen again. Any advice? Read Security Executive Council Emeritus Faculty member, Ken Kasten's, answer.

	Faculty Advisor: Communicating Risk Avoidance to Management Created By: George Campbell, Security Executive Council Leadership Faculty How can I maintain management’s attention to the risk that hasn’t happened yet without becoming the "Chicken Little" of the corporate governance team? Read Security Executive Council Leadership Faculty member, George Campbell's, answer to this question.

	Faculty Advisor: Communicating the Value of Security to Management Created By: Nick Proctor, Security Executive Council Emeritus Faculty I'm fairly comfortable that the security function is aligned with our business strategies. However, I'm not convinced that many on the company's management team fully understand the value we deliver. Any suggestions on how best to accomplish this? Read SEC Emeritus Faculty member, Nick Proctor's, answer to this question.

	Faculty Advisor: Defining the Value of Security During the Current Economic Downturn Created By: George Campbell, Security Executive Council Emeritus Faculty My company has done fairly well through the growing pressures of the current economic downturn but it has been made clear that we need to be in for the long haul; management is asking us to identify prioritized targets for cost reductions. Where should I focus my efforts? Read SEC Emeritus Faculty George Campbell's answer to this question.

	Faculty Advisor: Measures and Metrics in Security Created By: Kathleen Kotwica, Security Executive Council EVP and Chief Knowledge Strategist and Bob Hayes, Security Executive Council Managing Director What metrics system might an executive use to monitor the strategies of a business? Read Security Executive Council's Kathleen Kotwica and Bob Hayes' answer to this question.

	Faculty Advisor: Running Security as a Business: Measuring Performance Created By: Herb Mattord, Ph.D., Security Executive Council Content Faculty Expert I recently read something from the Security Executive Council that used the term "running security as a business." Can you elaborate on what that means as it relates to security and what is an example of this approach? Read our SEC Content Faculty Expert, Herb Mattord's, response to this question.

	Faculty Advisor: Security’s Failure to Communicate Value Created By: J. David Quilter, Security Executive Council Emeritus Faculty Like many of my peers, I struggle with the issue of how to effectively demonstrate the bottom-line value that security’s efforts bring to the business. Thoughts? See Security Executive Council Emeritus Faculty member, J. David Quilter's, response to this question.

	Faculty Advisor: Time Utilization and Staffing Capacity Analysis Created By: Bob Hayes, Security Executive Council Managing Director My company is in the midst of a reduction in force (RIF) and security is one of many areas being required to provide senior management with an analysis of time, cost of services and programs and staff utilization. What is the most effective way to approach this exercise, keeping in mind that the goal is to maintain our current level of full-time equivalents (FTEs)? Read Bob Hayes' answer to this question.

	Faculty Advisor: Using Value Metrics to Make the Case for Security’s Return on Investment Created By: Francis D’Addario, Security Executive Council CSO Emeritus Faculty We always strive to show the business side that corporate security is more than just “security tactics.” That what we do is strategic and makes a business contribution. Any thoughts on this? ReadFrancis D'Addario's response to this question.

	Security State of the Industry May 2015 Briefing - Metrics Created By: Security Executive Council The Security Executive Council's Security State of the Industry briefings provides an opportunity for our Tier 1 Security Leaders™ to participate in an in-depth discussion about specific topics or issues affecting their security risk mitigation programs. This session concentrated on security metrics and the path from "counting activity" to demonstrating business value and ROI. These meetings are for SEC's Tier 1 Security Leaders(TM) only.

Multimedia
	Hallmarks of Security Leadership Created By: George Campbell, Security Executive Council Emeritus Faculty George Campbell, emeritus faculty member of the Security Executive Council, discusses the traits he looks for in a security leader, as well as how metrics can be used by security practitioners to get buy-in from the organization. (Recorded at The Great Conversation in Seattle, Wash., March 4 &5, 2013)