Security Barometer
Are core security programs being neglected? 
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Articles | ||
Are Your Metrics Connected to Top Management’s Agenda?  Created By: George Campbell, SEC Faculty The non-financial board metrics should really inform decisions on which security metrics we target for reporting up. | ||
 | ||
| Assess the Probability of Business Loss Created By: George Campbell, SEC Faculty Estimate the probability of loss in areas of concern, given known vulnerabilities. | ||
| ||
| Be a Learning Organization Created By: By George Campbell, SEC Faculty Root cause analysis is an established process in quality management, engineering and risk management. The objectives are: to objectively, relentlessly identify the factors that created a failure of a control or set of controls so that those conditions may be prevented in the future. | ||
| ||
| Benchmarks Aren’t Magic, They’re Tools
Created By: Bob Hayes, Managing Director, Kathleen Kotwica, Security Executive Council Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning. | ||
| ||
| Build a Risk Indicator Dashboard Created By: George Campbell, SEC Faculty Provide a single display of the key information a manager needs to monitor a set of measures and effectively communicate the status of those measures. | ||
| ||
| Building a Metrics Program that Matters
Created By: Security Executive Council Staff Those of us who read this magazine regularly know about security metrics. We have read about their value and seen monthly examples of useful metrics and what to do with them. But, ladies and gentlemen, we are still missing the proverbial boat. Some of us are running alongside as it pulls from the dock, waving our arms and begging it to slow down so we can figure out where the ramp is. Others are across the street at the ticket booth wondering why there are so many people in line. | ||
| ||
| Delivering Meaningful Metrics Created By: Marleah Blades, Security Executive Council If security continues to mature as a business function, senior management will likely ask for a set of metrics to measure performance. Security leaders should prepare meaningful metrics that inform management and improve security effectiveness. Marleah Blades reports on insight shared from the Next Generation Security Leader program's exploration of the development and communication of meaningful security metrics. | ||
| ||
| Demonstrating Security Program Value to the C-Suite Created By: Dean Correia, SEC Faculty Dean Correia, Emeritus Faculty - Canada, participated in a panel with other security practitioners to discuss how to demonstrate security program value to the C-Suite. | ||
| ||
| Exploring Our Value Story Created By: George Campbell, Security Executive Council Emeritus Faculty Our value has to be connected to our success in measurably impacting risk. What are the measures, and how are you communicating the critical messages? Sure, every program is delivering some statistics — typically lists of incidents or activities that they sell as “metrics.” But real metrics inform by creating a storyline that implies the need for action. Lists are just the nails you use to build these stories. | ||
| ||
| Global Survey of Workplace Hotline Reports Shows Significant Improvements in Some Key Industries – Data Obtained from 650 Companies Created By: Security Executive Council The Security Executive Council's 2007 Corporate Governance and Compliance Hotline Benchmarking Report provides a key set of benchmark data for corporations in 10 industries. | ||
| ||
| How to Influence with Metrics Created By: George Campbell, Security Executive Council Emeritus Faculty How will you use the "must have" metrics - both key risk indicators and value indicators - in your organization. You have the data and the results, now how will you use them to influence your business? Think about the results you are seeking, how the measures and data you are communicating are achieving some improved state of security or safety. | ||
| ||
| How to Use Metrics Created By: George Campbell, Security Executive Council Emeritus Faculty CSOs generate security data every day. Knowing what to look for and how to analyze it can spell success for a security operation and the organization it serves. | ||
| ||
| Is it Time for a Corporate Security Maturity Assessment? Created By: George Campbell, SEC Faculty Maturity is about reliability and indicates levels of acceptance and established practice. A mature process has proven practices that have consistently delivered valued results to the organization. Understanding the current levels of proficiency and acceptance of security processes within an organization should be essential steps in building and maintaining a Corporate Security business plan. | ||
| ||
| Metrics for Success Created By: George Campbell, Security Executive Council Emeritus Faculty Creating security metrics is so important that nearly all security leaders interviewed by the Security Executive Council (SEC) for a recent survey stated it was a top priority for them. | ||
| ||
| Metrics for Success - Nuisance alarms are more than a nuisance Created By: George Campbell, Emeritus Faculty The reliability of our programs is an essential ingredient of executive confidence and support. If you are looking for a place to focus your quality assurance, shine it consistently on alarm system reliability and response. Whether they be experienced or uninitiated, customers find frequent invalid alarms unacceptable, and they make your responders distrust the validity of calls. When they occur at off-site facilities dependent on law enforcement response, false alarms often cost the company in fines. | ||
| ||
| Metrics for Success - What is a reportable security violation in your organization?
Created By: George Campbell, Emeritus Faculty How serious is the notion of compliance in your company? Is your reputation in the marketplace linked to conformance to an established set of laws, rules or standards? Are there protection mandates in the contracts you have with your customers and key suppliers? What are the implications of inadequate security with regard to your insurance? We are a key player in the governance of these internal controls. | ||
| ||
| Metrics for success - What is the cost of a bad employee?
Created By: George Campbell, Security Executive Council Emeritus Faculty The knowledgeable insider is at the top of the list of threats to any organization - public or private. Part of our job is to make business leaders aware of the seriousness of this threat by using metrics that catch their attention. This month's graph measures one small aspect of reputational risk: the time involved in resolving an insider misconduct case resulting in termination for cause. | ||
| ||
| Metrics for Success - What's state-of-the-art in security metrics? Created By: George Campbell, Security Executive Council Emeritus Faculty File this in the opinion folder. I have always pinned my metrics hunt to that day very early in my CSO career when the boss asked what kind of metrics we had in the can. As I stumbled for a defensible answer, he said, "I want you to think about what metrics we should follow in our organization and why you think they are important for the senior management team." But the more I dig into this security space, the more I have found that measuring and plotting program performance has been an expectation of every boss I've worked for over these past (gulp!) 50-plus years. | ||
| ||
| Metrics for Success: Accuracy & Integrity
Created By: George Campbell, Emeritus Faculty There is an old saying that there are three types of lies: “lies, damn lies and statistics.” I won’t dwell on the obvious downside of lies or damn lies in our job, but I will underscore that statistics, when calculated hastily or from poorly managed data, are no better than lies. We must have accuracy and integrity in our use of data and statistics, or we will undermine our initiatives, our programs and our own standing with senior management. | ||
| ||
| Metrics for Success: Business Alliances and Security's Due Diligence Created By: George Campbell, Security Executive Council Emeritus Faculty Mergers with or acquisitions of other companies, outsourcing of key business processes to vendors and other strategic alliances may align external organizations with the reputation and well being of your company. | ||
| ||
| Metrics for Success: Demonstrate the Effectiveness of Emergency Response Created By: George Campbell, Security Executive Council Emeritus Faculty Employee and invitee safety is a core mission of corporate security. Unfortunately, both business and local government resources are under budget pressure that could potentially impact emergency response. We need to encourage continued support by keeping management apprised of our high performance and readiness to respond. | ||
| ||
| Metrics for Success: Good metrics tell a story Created By: George Campbell, Emeritus Faculty I am constantly hunting for metrics examples, and I am intrigued by the variety of ways experienced organizations present data. One vital measure of good data is its ability to inform and drive action in a specified direction. | ||
| ||
| Metrics for Success: It's Time to Get Security Metrics Savvy Created By: George Campbell, Security Executive Council Emeritus Faculty Security-related metrics are a must. Every business needs to develop and deliver measurable results, including security. | ||
| ||
| Metrics for Success: Security Issues in Leased vs. Owned Property Created By: George Campbell, Security Executive Council Emeritus Faculty A company's leasing arrangements may lack the risk-based due diligence appropriate to a standard of protection enjoyed by owned space. | ||
| ||
| Metrics for Success: The Risks of Outsourcing Information Security Created By: George Campbell, Security Executive Council Emeritus Faculty Outsourcing has become a fundamental business strategy for most major corporations, but they often overlook the risks that accrue due to the loss of effective business controls over sensitive activities. | ||
| ||
| Metrics for Success: Who's Accountable for Metrics? Created By: George Campbell, Security Executive Council Emeritus Faculty Where does accountability lie for the maintenance of a proactive measurements and metrics program? | ||
| ||
| Metrics For Success: Working with Customers for Better Access Control Created By: George Campbell, Security Executive Council Emeritus Faculty If you have been reading this column each month, you know of my passion for testing and reporting on the effectiveness of the safeguards we have installed to protect our people and assets. You will not influence anyone with metrics that just count things, but you will with ones that really measure how well you and your customers are meeting your responsibilities to protect the company. | ||
| ||
| New report offers benchmarks for security budgets, staffing
Created By: Whit Richardson, Security Executive Council Staff The average security budget as a percentage of an organization's total revenue is 0.07 percent, according to a new benchmark report released by the two-year-old Security Leadership Research Institute, the research arm of the Security Executive Council. | ||
| ||
| Operational Excellence in Contract Security Performance Measurement Created By: George Campbell, SEC Faculty The focus of this thought leader paper is on measuring the performance of security service providers. The Security Executive Council believes that there needs to be a more in-depth consideration of what constitutes "excellence" in these operations given the consistent growth of outsourcing to guard service companies. | ||
| ||
| Ranking Security Performance Created By: Security Executive Council If you assess and rank your performance proactively rather than waiting to be asked, you may be exempt from management requirements to perform ranking assessments their way later. A maturity assessment is one way to do this. | ||
| ||
| Security Metrics in Context Created By: George Campbell, Security Executive Council Emeritus Faculty An excerpt from George Campbell's Measures and Metrics in Corporate Security. | ||
| ||
| Security Metrics: Measuring Performance Created By: Security Executive Council Staff These articles cover the use of tools such as Key Performance Indicators (KPIs) and balanced scorecards to help you set long-term goals and to evaluate and monitor your progress toward achieving those goals, along with sample charts to generate ideas for KPIs. | ||
| ||
Login
Find It For Me!
Can't find what you're looking for? Likely we have what you need. Click the Find It For Me! button and we'll help you out.
