Leadership Solutions


Security Research & Benchmarks

Our latest benchmark covers security program costs, program ownership, reporting structures and more. Preliminary results from this benchmark suggest...

Average Security Budget as a Percentage of Organization Revenue is 0.068% (result released August 2011)

Average Security Budget Dollar Per Organization Employee is $249 (result released August 2011)

These are just some of the risk management metrics we have collected. If you would like more details, such as how these break down by industry or size of organization, you have to participate in the Security Leadership Research Institute (SLRI). There is no cost to join the SLRI. The only requirements are that you must know the details about your organization's risk management budget and structure and be willing to participate in the SLRI research. All information will be held in the strictest confidence and will only be shared in an aggregate form.

Some Recent Results from our Security Barometer Polls

  • 64% of security executives felt knowing how best to evaluate their security program would add the most value to their department
  • 27% of security executives have lost a job as a result of a change in management


See below for more valuable research and benchmarks for risk management executives.


Selected Research & Benchmarks

14 Effective Solutions for Creating Successful Security Programs
Created By: Security Executive Council
This paper highlights brief case studies that depict solutions using Security Executive Council tools and processes. These are based on what the SEC has gleaned in the last 10 years working with security practitioners. At the end of the document don't miss 10 Tips You Can Learn from our Experience with Successful Programs.
 
Assessment Quiz: Organizational Readiness for Security
Created By: Security Executive Council
The Council has spent years researching this topic and has found that understanding what management thinks Security "is" and "does" is critical. You need to know how management perceives Security in order to educate them on the reality - and to get appropriate buy-in for resource requests or advancement of your goals.
 
Assessment Quiz: Security Leadership Continuum
Created By: Security Executive Council
This quiz is now closed but you can see results from those that took it.
 
Business Continuity Thought Leader Paper
Created By: Dean Correia, Security Executive Council Emeritus Faculty
Among Dean Correia's many accomplishments was driving the creation of Business Continuity and Crisis Management planning for Walmart Canada. Now as Security Executive Council Emeritus Faculty he is offering some insight gathered from his experience to help you build better business continuity plans for your organization.
Business Journals for Risk Managers
Created By: Security Executive Council
A wise risk manager needs to understand the environment security programs are operating in. One of the best ways to obtain that knowledge is to keep up-to-date on the organization, industry and the economy. It's not just about the housing market and global debt, instead it's having a broad understanding of what the organization is facing in terms of its customers, employees, suppliers, and competitors. Keeping an eye on what is important to your executive team will help you when it comes to communicating risk to management.
 
Corporate Governance and Compliance Hotline Benchmark Report I
Created By: Security Executive Council
How "healthy" is your organization? Receive your complimentary copy of the first Corporate Governance and Compliance Hotline Benchmarking Report. This groundbreaking report examines organizational hotline activity across all major industries.
Registration required for download
Corporate Governance and Compliance Hotline Benchmark Report II
Created By: Security Executive Council
The Security Executive Council announces its second report on corporate hotline data, providing executives a benchmark against which to assess their own governance and compliance hotlines. This year's report includes data on more hotline reports and is organized to make it easier for you to compare your organization's hotline program with like businesses. This second Corporate Governance and Hotline Benchmark Report will benefit all executives who deal in compliance or corporate ethics, so please download it and pass it on to your colleagues.
Registration required for download
Defining Best Practices in Global Security Operations Centers
Created By: Documented by George Campbell, SEC Emeritus Faculty and co-lead GSOC Best Practices Working Group
The Security Executive Council formed the Global Security Operations Center (GSOC) working group with the objective of advancing the value proposition of security operations centers and identifying a body of best practices with group members. The group has additionally recognized that incorporating the analytical framework of operational excellence in this endeavor will enable them to demonstrate measurable value to their organizations. The work of this group has only just begun, but this initial executive summary provides some evidence of the value the members of the group have thus far uncovered. Tier 1 Leaders™: Log in to instantly receive your copy.
Registration required for download
Defining the Total Cost of Security: Programs and Services Survey Showing Interesting Security Program Results
Created By: Security Executive Council
Selected preliminary analysis from our groundbreaking research initiative is shown below. This represents only a small portion of the information being collected. You can expect much more in-depth analysis once the data collection phase of the process has concluded.
 
Driving Excellence in Enterprise Security
Created By: George Campbell, Security Executive Council Emeritus Faculty
This paper provides a starting place for security leaders who are interested in operational excellence or are considering applying it within their programs. It includes: a range of approaches gathered from discussions with a number of Tier 1 Leaders™; insight into how to achieve a critical baseline assessment of security’s value; potential measures of excellence in security programs; and a template to help investigate and identify initial targets for application of operational excellence.
 
Enterprise Security Metrics: A Snapshot Assessment of Practices
Created By: George Campbell, Security Executive Council Emeritus Faculty
This report provides a snapshot assessment of the current use of metrics in corporate security management. This report is limited to the state of security metrics exclusive of information security metrics. While our collective knowledge and experience do include InfoSec, that area of the metrics development agenda is more than effectively documented in any number of excellent books and industry sources. This report specifically summarizes our earned experience from corporate security measures and metrics initiatives. Tier 1 Leaders™: Log in to instantly receive your copy.
Registration required for download
Executive Summary: Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark
Created By: The Security Leadership Research Institute
The Security Leadership Research Institute (SLRI) has published groundbreaking results of its Corporate Security Organizational Structure, Cost of Services and Staffing survey. The full report covers such metrics as security budgets, staffing, program drivers, governance and oversight. This executive summary provides a glimpse into some of what is contained in the full report. If you participate in the SLRI surveys you can receive the next edition of the full report.
Click to visit our Strategic Alliance partner’s site, Elsevier, for more information or to order this book.
 
Finding Time: Open-Source Policy, Assessment, and Guidance Documents
Created By: Security Executive Council
Finding ways to multiply efforts is a critical skill for living a sane and successful life as a security leader. If policy or guidelines creation is the goal, open-source documents and templates can serve as useful building blocks and save you the time of starting from scratch.
 
If You Had Three Wishes
Created By: Security Executive Council
If you could have anything you wanted for your risk management program what would it be? In this poll we wanted to find out what elements would add the most value to security leaders and their teams. Participants in this poll were allowed to select up to three wishes.
 
Improving the Way Risk Management is Perceived by the Enterprise
Created By: Security Executive Council
Survey respondents were encouraged to share what they have done to help improve the perception of security and risk management programs in the eyes of their enterprise.
 

International Security Programs Benchmark Report

Created By: Security Executive Council
This is the full report that Security Executive Council Tier 1 Leaders™ and participants receive. This project began as a Tier 1 Leader™ driven strategic initiative to ascertain the what and how of international security programs. Based on in-depth Tier 1 Leader™ interviews earlier in the project, it became clear research was necessary to fully grasp the breadth and scope of programs currently in place and any differentiators. This is the first of three projected reports from this data. Click to visit our Strategic Alliance partner’s site, Elsevier, for more information or to order this book.

Issue Exploration: Security Leadership Background Trends

Created By: Security Executive Council
Based on recent observations, the Council conducted a survey to ascertain whether the backgrounds (or knowledge sets) of security leaders are changing. Download the results and analysis. Interestingly, we found that not only did respondents have military, law or government function experience but also business experience.
Resource is for Tier One Leaders only
Legislation, Regulations, Voluntary Compliance & Standards Library (LRVCS)
The Council is collecting the ever-growing LRVCS related to security. Contribute a missing item and receive a free metrics presentation PowerPoint. Send suggestions to contact@secleader.com
Managing and Defending a Security Budget - Laying a Foundation
Created By: Security Executive Council
This Trend Report provides insight and a foundation for all security programs to address related budgetary issues. Read the research report and start preparing for your future.
 
Next Generation Security Leader Development Program: Inside View By Marleah Blades, Senior Editor, Security Executive Council
Created By: Security Executive Council
This blog covers the Council's newest initiative, an online executive-level program for security practitioners, led by Council Faculty (current and former CSOs/CISOs) and USC Faculty. Learn more about the program here.
 
Nine Practices of the Successful Security Leader
Created By: The Security Executive Council
A series of in-depth practitioner interviews conducted by the Council led to the identification of nine practices that the most successful leaders have in common. Interviewees were asked questions related to their top organizational risks, business alignment and drivers, internal influence issues and senior management's view of Security. During the resulting qualitative analysis, it became clear that the interviewees with highly successful, internally recognized security programs had several things in common.
The public can obtain the report here: Nine Practices of the Successful Security Leader
 
Persuading Senior Management with Effective, Evaluated Security Metrics
Created By: Security Executive Council
ASIS just published their well-funded survey of available literature on measures and metrics. The most often referenced original material in the report came from the Security Executive Council (SEC). The ASIS publication makes clear to those in the know that the SEC has been leading the industry in research on corporate security measures and metrics for the last ten years.
 
Research about Attitudes on the Benefits and Controls of Web 2.0 in the Enterprise
Created By: Security Executive Council
Many companies see value in using Web 2.0 apps to increase market reach or collaboration at a lower cost. Can these applications be misused? Certainly, but not unlike any other outlet that lets employees socialize or conduct personal business while on company time. The following report explores some of the current thinking and research on the topic.
Click to visit our Strategic Alliance partner’s site, Elsevier, for more information or to order this book.
Security Barometer - Centralized Risk Repository
Created By: Security Executive Council
A centralized repository of risks provides a robust foundation for an effective risk management program. This latest Security Executive Council quick poll covering centralized risk repositories shares some enlightening results.
 
Security Barometer Results - How Much Effort is Spent on Building People Networks for the Benefit of Security
Created By: Security Executive Council
In our groundbreaking research summarized in "The Roadmap for Security Leadership Success" we highlighted 10 important decisions successful leaders make; one of these is the importance of building the right relationships both within and outside the organization. In these Security Barometer results we wanted to investigate how our readers are working on building their network for the benefit of their security programs.
 
Security Barometer Results - What Leadership Practice is Most Important to Your Success
Created By: Security Executive Council
Our community comprises many individuals who are recognized in the industry as highly successful security leaders. Because they have allowed us access to their time and insights, the Security Executive Council was in a unique position to uncover and identify similarities that contribute to strong performance. A series of in-depth interviews led us to identify nine practices that the most successful leaders have in common.
 
Security Barometer Results: Are Security Practitioners Using Twitter for Business?
Twitter apparently is being used by some people, but we wanted to know if risk management practitioners were using Twitter for business purposes. We are sharing some good feedback that might be of interest to you as you consider if and how Twitter might play a role in your risk management programs.
 
Security Barometer Results: Are You Fairly Compensated?
In this Security Barometer quick poll we wanted to examine to what extent the economy was affecting compensation. However, we found something more enlightening in the commentary about why respondents felt the way they did. See how your peers responded here.
 
Security Barometer Results: Centralized Risk Repository
A centralized repository of risks provides a robust foundation for an effective risk management program. While 90% of respondents felt a central repository was valuable, less than half had one. See more about results of our poll here.
 
Security Barometer Results: If You Had Three Wishes
If you could have anything you wanted for your risk management program what would it be? In this quick poll we wanted to find out what elements would add the most value to security leaders and their teams.
 
Security Barometer Results: Impact Of Terrorism Arrests on Security
We created this Security Barometer quick poll in the aftermath of the U.S. terrorism arrests that occurred in New York and Denver in September 2009 to find out if business executives saw any connection between these events and the long-term health of their own organizations.
 
Security Barometer Results: Mexico Drug Decriminalization
Will the recent changes in drug laws affect you? A common theme from respondents was their concern regarding transportation and cargo. Even if your organization does not have facilities in countries with lax drug laws you may want to give thought to the risks in your supply chain.
 
Security Barometer Results: The Security Executive's Tenure
The Security Executive Council set out to gather some information about why leaders in the security and risk mitigation field have been dismissed from their jobs.
 
Security Barometer Results: Top 5 Security Risks To Your Organization
As organizations become leaner and more agile the management of security risks becomes more important than ever in protecting the value being built. It is becoming imperative that all business functions maintain focus on the tasks that really matter to the organization. See what risk management executives are focusing on now.
 
Security Barometer Results: What Business Journals are Security Practitioners Reading?
Keeping a close watch on the economic and business trends buffeting your organization is a critical prerequisite for truly understanding how your team supports your organization's goals. In this poll we wanted to get an idea what business journals security practitioners were reading to keep up with those business trends.
 
Security Barometer Results: What is Putting Your Continued Employment at Greatest Risk?
Overall the results demonstrate that the risks to continued employment that security and risk management executives face are as diverse as the organizations they represent. These risks are largely determined by the state of your organization's perception of the need for security and its unique culture, or what we call "organizational readiness".
 
Security Barometer Results: What is the Most Popular Business Continuity Standard?
Created By: Security Executive Council
In this Security Barometer quick poll we wanted to find out what business continuity standards security leaders were using when developing their programs. As shown, ISO 22301 was chosen more often by the respondents of the poll. However, surprisingly, 30% stated that they do not benchmark their business continuity program against a standard.
 
Security Barometer Results: Where do you go for information about your day-to-day operational needs?
These results include the top eight resources sought out by risk management practitioners as well as examples of the type of information being requested.
 
Security Barometer Results: Which Educational Background Does Your Management Value More?
Created By: Security Executive Council
In this Security Barometer poll we wanted to investigate what our community felt their management was looking for in educational background for security and risk mitigation employees.
 

Security Budget Research Report

Created By: The Security Executive Council
This is an analysis of data collected from a survey of security program budgets that was conducted by the Council in January 2009. This report, available to Council members, provides detailed information on the changes in budgets over the past two fiscal years, segmented by industry as well as budget category. In addition, the report provides a list of some of the creative efforts that security executives are undertaking to counter the effects the economy is having on their security programs.
Resource is for Tier One Leaders only

Security Budget Research Report: Impact of the Economic Downturn
Executive Summary

An executive summary of the results of a survey that was sent to qualified security practitioners (over 85% at the director level or above) to gather information on the state of their security budgets and to assess any impact the economic downturn has had on their programs.
Resource is for Tier One Leaders only

Security Executive Council Trend Report: Benefits and Risks of Web 2.0 in the Enterprise

Created By: Security Executive Council
Enterprises are adopting Web 2.0 applications in increasing numbers to improve communication and workflow within their businesses and to improve relationships with clients. Businesses employing such applications must be prepared to face the risks that accompany them.
Resource is for Tier One Leaders only
Security Measures and Metrics
Created By: Security Executive Council
Are you trying to benchmark any of these programs? Background screening, Guard force, Investigations, IT security, Physical security, Workplace violence, Other security programs…

Are you often asked to calculate the cost of security? Get access to this information by joining the Security Leadership Research Institute. It is free to join; all it takes is a small amount of your time.

 

Security Performance Measures and Metrics

Created By: Security Executive Council
A total of 156 survey participants, including Security Executive Council (SEC) Tier 1 Leaders, answered questions about performance measures security practitioners are using in this benchmark.
Resource is for Tier One Leaders only
Security Title Benchmark: Survey Report
Created By: Security Executive Council
Based on a Security Executive Council Survey of 415 respondents between September 26 and October 20, 2005.
The Biggest Challenge to the Success of Security Programs
Created By: Security Executive Council
This Security Barometer offered a tough question to answer. There are many possible challenges to the success of security programs but in this security barometer the respondents had to choose the single one they felt was the most significant.
 
The Effect Organizational Culture has on Security
Created By: Security Executive Council
In this Security Barometer we examine whether the organization you work for is hindering or helping you achieve your risk management objectives.
 
The Importance of Security's Brand Image
Created By: Security Executive Council
Some people think that security is doing their ultimate job when their peers within the organization do not know that security is there. There is a certain logic to this. If there is no cyber breach, if there is no incident of violence, if material has not been stolen from the grounds then we must be doing a good job and if we are doing a good job people will notice. Right? Wrong.
 
The Roadmap for Security Leadership Success
Created By: Security Executive Council
This thought leader paper and series of podcasts are the result of ten years' worth of working with security practitioners. Our research identified 10 common practices that highly accomplished security leaders exhibit. Also, listen to SEC subject matter experts provide their thoughts on executing the 10 practices.
 
The Roadmap for Security Leadership Success Interviews, Practice #5 - Focus on Leadership Issues
Created By: Francis D'Addario, Security Executive Council Emeritus Faculty
Kathleen "K2" Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council (SEC), interviews Francis D'Addario, SEC Emeritus Faculty and former CSO of Starbucks Coffee. The discussion delves into one of the 10 Roadmap for Success practices - the importance of focusing on leadership issues.
 
The Roadmap for Security Leadership Success Interviews, Practice #9 - Recognize your organization is different from any other, even from peer companies
Created By: Richard Lefler, Security Executive Council Executive Board of Advisors and Dean of Emeritus Faculty
Kathleen "K2" Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council (SEC), interviews Richard Lefler, SEC Emeritus Faculty and former Vice President of Worldwide Security for American Express, on one of the 10 Roadmap for Success practices - the importance of recognizing each organization is different from any other and how this affects how the security leader should develop his or her risk mitigation program.
 
The Successful Security Practitioner’s Top to-Dos
Created By: Security Executive Council
This document is a concise summary of the key elements you need to know before starting any new role or program. These practices have been identified by the Security Executive Council through our work with some of the leaders of the world’s most sophisticated and accomplished security programs.
 
Thought Leader Report Identifying Practices Common to Successful Security Leaders
Created By: Security Executive Council
A series of in-depth interviews with a large number of security leaders led us to identify practices that the most successful leaders have in common.
 

Trend Research Report: Foreign Corrupt Practices Act (FCPA) Due Diligence

Created By: Security Executive Council
A report on third party due diligence related to FCPA activities according to current research. Findings are from sources such as audit and law firms and other associations that represent many multi-national/global companies. Report developed to educate senior management and other internal stakeholders (e.g., peers) on what a third party due diligence program as it relates to FCPA may encompass.
Resource is for Tier One Leaders only
Trend Research: Bring Your Own Device (BYOD) To Work
Created By: Security Executive Council
This resource was developed based on a Tier 1 Leader and their IT colleague looking at productivity around the topic of BYOD to work (e.g., "if I had my own phone or computer, such as an Apple brand device, I could increase my productivity"). The research was then expanded to include further information on what peer corporations are doing in this area (e.g., pros, cons, must haves, challenges, risks and liabilities).
Click to visit our Strategic Alliance partner’s site, Elsevier, for more information or to order this book.
 
Trend Research: Comprehensive Business Continuity Programs
Created By: Security Executive Council
This compilation of publicly available information, Council research and observations on business continuity is intended to supply background to assist in developing a business continuity program or weighing the effectiveness of an existing program.
A Tier 1 Leader item available for purchase. Visit our store.
Resource is for Tier One Leaders only
Trend Research: Crisis Management at the Speed of the Internet
Created By: Security Executive Council
This report sheds light on the rapidly changing nature of threats on the Internet and how companies, with Security’s help, can respond strategically. It provides examples of companies that have faced threats to their brands and how they have responded, offers strategies to prepare ahead and help mitigate the effects when a crisis occurs, and explores the broader need for a comprehensive communication and crisis management plan that incorporates the dynamic nature of the Internet.
Click to visit our Strategic Alliance partner’s site, Elsevier, for more information or to order this book.
Using Twitter for Business Purposes
Created By: Security Executive Council
In this Security Barometer the Council wanted to get an idea of how Twitter is being used for business purposes among our risk management leaders. We are sharing some good feedback that might be of interest to you as you consider if and how Twitter might play a role in your risk management programs.
 
What is the Most Important Characteristic of an Outstanding CSO/CISO?
Created By: Security Executive Council
It may be no surprise that "relationship building" was selected as the most important characteristic of an outstanding CSO/CISO. Strong relationships assist in many ways from promoting ideas and learning from others to building bonds that become beneficial when crises emerge. Relationship building is crucial to being able to work efficiently within an organization. In his recent Faculty Advisor blog Security Executive Council emeritus faculty member David Quilter pointed out when it comes to gaining knowledge about the business, "...[the] focus has to be on building relationships with your leaders."
 
What the C-Suite is looking for When Hiring Risk Managers
Created By: Security Executive Council
As demonstrated in a recent survey, corporate executives are expecting their leaders of risk management to have a strong understanding of the company’s business and industry. They also wanted these leaders to have a strategic view of risk and risk management. In addition they wanted their risk managers to have a broad-based operational perspective.
 
Where Does All the Time Go?
Created By: Security Executive Council
In this Security Barometer we are investigating where security and risk management practitioners are spending their time. How do the results shown below compare to your own time management practice?
 
Why Focus on Business Reputation Risk?
Created By: Security Executive Council
In a recent Security Executive Council (SEC) Security Barometer poll we found the one thing that security practitioners felt would most help their department and career is to become more involved with the business side of the organization. To achieve that goal successful risk managers must demonstrate a thorough understanding of what is important to senior executives.