Leadership Solutions

key_performance_indicators.gif

Knowledge Corner - Measures & Metrics

Take a sneak peek at our new Knowledge Corner resource pages. We’re working on making SEC resources easier for you to find what you need including resources related to security strategic planning, influencing senior management, risk assessment, leadership strategies and security metrics.

Contact us if you want to know the ways we assist security practitioners.




Articles

   Exploring Our Value Story This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Our value has to be connected to our success in measurably impacting risk. What are the measures, and how are you communicating the critical messages? Sure, every program is delivering some statistics — typically lists of incidents or activities that they sell as “metrics.” But real metrics inform by creating a storyline that implies the need for action. Lists are just the nails you use to build these stories.
 
   How to Use Metrics This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
CSOs generate security data every day. Knowing what to look for and how to analyze it can spell success for a security operation and the organization it serves.
 
   Metrics for Success This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Creating security metrics is so important that nearly all security leaders interviewed by the Security Executive Council (SEC) for a recent survey stated it was a top priority for them.
 
   Metrics for Success - Nuisance alarms are more than a nuisance This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
The reliability of our programs is an essential ingredient of executive confidence and support. If you are looking for a place to focus your quality assurance, shine it consistently on alarm system reliability and response. Whether they be experienced or uninitiated, customers find frequent invalid alarms unacceptable, and they make your responders distrust the validity of calls. When they occur at off-site facilities dependent on law enforcement response, false alarms often cost the company in fines.
 
   Metrics for Success - What is a reportable security violation in your organization?  This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
How serious is the notion of compliance in your company? Is your reputation in the marketplace linked to conformance to an established set of laws, rules or standards? Are there protection mandates in the contracts you have with your customers and key suppliers? What are the implications of inadequate security with regard to your insurance? We are a key player in the governance of these internal controls.
 
   Metrics for success - What is the cost of a bad employee?  This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
The knowledgeable insider is at the top of the list of threats to any organization - public or private. Part of our job is to make business leaders aware of the seriousness of this threat by using metrics that catch their attention. This month's graph measures one small aspect of reputational risk: the time involved in resolving an insider misconduct case resulting in termination for cause.
 
   Metrics for Success - What's state-of-the-art in security metrics? This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
File this in the opinion folder. I have always pinned my metrics hunt to that day very early in my CSO career when the boss asked what kind of metrics we had in the can. As I stumbled for a defensible answer, he said, "I want you to think about what metrics we should follow in our organization and why you think they are important for the senior management team." But the more I dig into this security space, the more I have found that measuring and plotting program performance has been an expectation of every boss I've worked for over these past (gulp!) 50-plus years.
 
   Metrics for Success: Accuracy & Integrity  This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
There is an old saying that there are three types of lies: “lies, damn lies and statistics.” I won’t dwell on the obvious downside of lies or damn lies in our job, but I will underscore that statistics, when calculated hastily or from poorly managed data, are no better than lies. We must have accuracy and integrity in our use of data and statistics, or we will undermine our initiatives, our programs and our own standing with senior management.
 
   Metrics for Success: Business Alliances and Security's Due Diligence This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Mergers with or acquisitions of other companies, outsourcing of key business processes to vendors and other strategic alliances may align external organizations with the reputation and well being of your company.
 
   Metrics for Success: Demonstrate the Effectiveness of Emergency Response This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Employee and invitee safety is a core mission of corporate security. Unfortunately, both business and local government resources are under budget pressure that could potentially impact emergency response. We need to encourage continued support by keeping management apprised of our high performance and readiness to respond.
 
   Metrics for Success: Good metrics tell a story This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
I am constantly hunting for metrics examples, and I am intrigued by the variety of ways experienced organizations present data. One vital measure of good data is its ability to inform and drive action in a specified direction.
 
   Metrics for Success: It's Time to Get Security Metrics Savvy This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Security-related metrics are a must. Every business needs to develop and deliver measurable results, including security.
 
   Metrics for Success: Security Issues in Leased vs. Owned Property This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
A company's leasing arrangements may lack the risk-based due diligence appropriate to a standard of protection enjoyed by owned space.
 
   Metrics for Success: The Risks of Outsourcing Information Security This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Outsourcing has become a fundamental business strategy for most major corporations, but they often overlook the risks that accrue due to the loss of effective business controls over sensitive activities.
 
   Metrics for Success: Who's Accountable for Metrics? This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Where does accountability lie for the maintenance of a proactive measurements and metrics program?
 
   Metrics For Success: Working with Customers for Better Access Control This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
If you have been reading this column each month, you know of my passion for testing and reporting on the effectiveness of the safeguards we have installed to protect our people and assets. You will not influence anyone with metrics that just count things, but you will with ones that really measure how well you and your customers are meeting your responsibilities to protect the company.