Leadership Solutions

Pie2.jpg

Security Research & Benchmarks

Our latest benchmark covers security program costs, program ownership, reporting structures and more. Preliminary results from this benchmark suggest...

Average Security Budget as a Percentage of Organization Revenue is 0.068% (result released August 2011)

Average Security Budget Dollar Per Organization Employee is $249 (result released August 2011)

These are just some of the risk management metrics we have collected. If you would like more details such as how these break down by industry or size of organization then you have to participate in the Security Leadership Research Institute (SLRI). There is no cost to join the SLRI. The only requirements are you must know the details about your organization's risk management budget and structure and be willing to participate in the SLRI research. All information will be held in the strictest confidence and will only be shared in an aggregate form.

Some Recent Results from our Security Barometer Polls

  • 64% of security executives felt knowing how best to evaluate their security program would add the most value to their department
  • 27% of security executives have lost a job as a result of a change in management


See below for more valuable research and benchmarks for risk management executives.


Selected Research & Benchmarks

14 Effective Solutions for Creating Successful Security Programs
Created By: Security Executive Council
This paper highlights brief case studies that depict solutions using Security Executive Council tools and processes. These are based on what the SEC has gleaned in the last 10 years working with security practitioners. At the end of the document don't miss 10 Tips You Can Learn from our Experience with Successful Programs.
 
A Preview of Measuring & Communicating Security’s Value, A Compendium of Metrics for Enterprise Protection
Created By: George Campbell, Security Executive Council Emeritus Faculty
This preview of Measuring & Communicating Security’s Value, A Compendium of Metrics for Enterprise Protection covers such topics as risk reporting to influence corporate policy and behavior, using metrics in partnership with core business strategy and process, and building metrics for impact and results.
 
Assessment Quiz: Organizational Readiness for Security
Created By: By: Security Executive Council
The Council has spent years researching this topic and has found that understanding what management thinks Security "is" and "does" is critical. You need to know how management perceives Security in order to educate them on the reality - and to get appropriate buy-in for resource requests or advancement of your goals.
 
Assessment Quiz: Security Leadership Continuum
Created By: Security Executive Council
This quiz is now closed but you can see results from those that took it.
 
Background Investigations Benchmark - Exclusive Preliminary Results
Created By: Security Executive Council
A preliminary summary of the SEC benchmark on background investigations has been just published. The information gathered in the research can be used to compare against your background investigations program, identify areas where improvement is possible and generate ideas. It provides a preliminary look into some of the results that have been gathered to date from this valuable benchmark research. For example: While all the participating organizations conducted background investigations on employees, over 50% of them also had their vendors undergo checks.
 
Business Continuity Thought Leader Paper
Created By: Dean Correia, Security Executive Council Emeritus Faculty
Among Dean Correia's many accomplishments was driving the creation of Business Continuity and Crisis Management planning for Walmart Canada. Now as Security Executive Council Emeritus Faculty he is offering some insight gathered from his experience to help you build better business continuity plans for your organization.
Click to download PDF file
558KB
Business Journals for Risk Managers
Created By: Security Executive Council
A wise risk manager needs to understand the environment security programs are operating in. One of the best ways to obtain that knowledge is to keep up-to-date on the organization, industry and the economy. It's not just about the housing market and global debt, instead it's having a broad understanding of what the organization is facing in terms of its customers, employees, suppliers, and competitors. Keeping an eye on what is important to your executive team will help you when it comes to communicating risk to management.
 
Case Study: Risk Management and Security Metrics at Boeing
Created By: Greg Niehaus, Security Executive Council Board of Visionary Leaders; Professor of Insurance and Finance, University of South Carolina
Here is an opportunity to get the inside story on building a superior metrics program for a world class enterprise security program. This first ever business case study focusing on security risk is being used at South Carolina's Darla Moore School of Business to introduce students to the security metrics program that is used by Boeing to improve decision making. It also provides insight into their workplace violence program.
 
Corporate Governance and Compliance Hotline Benchmark Report I
Created By: Security Executive Council
How "healthy" is your organization? Receive your complimentary copy of the first Corporate Governance and Compliance Hotline Benchmarking Report. This groundbreaking report examines organizational hotline activity across all major industries.
     Click here to view a short video describing this resource in more detail.
Registration required for download
REGISTRATION
REQUIRED
Corporate Governance and Compliance Hotline Benchmark Report II
Created By: Security Executive Council
The Security Executive Council announces its second report on corporate hotline data, providing executives a benchmark against which to assess their own governance and compliance hotlines. This year's report includes data on more hotline reports and is organized to make it easier for you to compare your organization's hotline program with like businesses. This second Corporate Governance and Hotline Benchmark Report will benefit all executives who deal in compliance or corporate ethics, so please download it and pass it on to your colleagues.
     Click here to view a short video describing this resource in more detail.
Registration required for download
REGISTRATION
REQUIRED
Defining Best Practices in Global Security Operations Centers
Created By: Documented by George Campbell, SEC Emeritus Faculty and co-lead GSOC Best Practices Working Group
The Security Executive Council Global formed the Global Security Operations Center (GSOC) working group with the objective of advancing the value proposition of security operations centers and identifying a body of best practices with group members. The group has additionally recognized that by incorporating the analytical framework of operational excellence in this endeavor it will enable them to demonstrate measurable value to their organizations. The work of this group has only just begun but this initial executive summary provides some evidence of the value the members of the group have thus far uncovered. Tier 1 Leadersâ„¢: Log-in to instantly receive your copy.
Registration required for download
REGISTRATION
REQUIRED
Defining the Total Cost of Security: Programs and Services Survey Showing Interesting Security Program Results
Created By: Security Executive Council
Selected preliminary analysis from our ground breaking research initiative is shown below. This represents only a small portion of the information being collected. You can expect much more in-depth analysis once the data collection phase of the process has concluded.
 
Driving Excellence in Enterprise Security
Created By: George Campbell, Security Executive Council Emeritus Faculty
This paper provides a starting place for security leaders who are interested in operational excellence or are considering applying it within their programs. It includes: Range of approaches gathered from discussions with a number of Tier 1 Leaders™; insight into how to achieve a critical baseline assessment of security’s value; potential measures of excellence in security programs; and a template to help investigate and identify initial targets for application of operational excellence.
 
Enterprise Security Metrics: A Snapshot Assessment of Practices
Created By: George Campbell, Security Executive Council Emeritus Faculty
This report provides a snapshot assessment on the current use of metrics in corporate security management. This report is limited to the state of security metrics exclusive of information security metrics. While our collective knowledge experiences do include InfoSec - that area of metrics development agenda is more than effectively documented in any number of excellent books and industry sources. This report specifically summarizes our earned experience from corporate security measures and metrics initiatives. Tier 1 Leadersâ„¢: Log-in to instantly receive your copy.
Registration required for download
REGISTRATION
REQUIRED
Executive Summary: Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark
Created By: The Security Leadership Research Institute
The Security Leadership Research Institute (SLRI) has published ground breaking results of their Corporate Security Organizational Structure, Cost of Services and Staffing survey. The full report covers such metrics as security budgets, staffing, program drivers, governance and oversight. This executive summary provides a glimpse into some of what is contained in the full report. If you participate in the SLRI surveys you can receive the next edition of the full report. For more information about SLRI click here
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Finding Time: Open-Source Policy, Assessment, and Guidance Documents
Created By: Security Executive Council
Finding ways to multiply efforts is a critical skill for living a sane and successful life as a security leader. If policy or guidelines creation is the goal, open-source documents and templates can serve as useful building blocks and save you the time of starting from scratch.
 
If You Had Three Wishes
Created By: Security Executive Council
If you could have anything you wanted for your risk management program what would it be? In this poll we wanted to find out what elements would add the most value to security leaders and their teams. Participants in this poll were allowed to select up to three wishes.
 
Improving the Way Risk Management is Perceived by the Enterprise
Created By: Security Executive Council
Survey respondents were encouraged to share what they have done to help improve the perception of security and risk management programs in the eyes of their enterprise.
 

International Security Programs Benchmark Report

Created By: Security Executive Council
This is the full report that Security Executive Council Tier 1 Leadersâ„¢ and participants receive. This project began as a Tier 1 Leaderâ„¢ driven strategic initiative to ascertain the what and how of international security programs. Based on in-depth Tier 1 Leaderâ„¢ interviews earlier in the project, it became clear research was necessary to fully grasp the breadth and scope of programs currently in place and any differentiators. This is the first of three projected reports from this data.
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
     Click here to view a short video describing this resource in more detail.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Investigative Confusion - Who Owns Investigations?
Created By: Security Executive Council
Some organizations spread responsibility and ownership for different types of investigations among their business functions. Whether you want to bring investigations in under your department or just help eliminate investigative confusion this paper will help you get started.
 

Issue Exploration: Security Leadership Background Trends

Created By: Security Executive Council
Based on recent observations, the Council conducted a survey to ascertain whether the backgrounds (or knowledge sets) of security leaders are changing. Download the results and analysis. Interestingly, we found that not only did respondents have military, law or government function experience but also business experience.
     Click here to view a short video describing this resource in more detail.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Legislation, Regulations, Voluntary Compliance & Standards Library (LRVCS)
The Council is collecting the ever growing LRVCS related to security. Contribute a missing item and receive a free metrics presentation PowerPoint. Send suggestions to contact@secleader.com
     Click here to view a short video describing this resource in more detail.
Managing and Defending a Security Budget - Laying a Foundation
Created By: Security Executive Council
This Trend Report provides insight and a foundation for all security programs to address related budgetary issues. Read the research report and start preparing for your future.
 
Next Generation Security Leader Development Program: Inside View By Marleah Blades, Senior Editor, Security Executive Council
Created By: Security Executive Council
This blog covers the Council's newest initiative, an online executive-level program for security practitioners, led by Council Faculty (current and former CSOs/CISOs) and USC Faculty. Learn more about the program here.
 
Nine Practices of the Successful Security Leader
Created By: The Security Executive Council
A series of in-depth practitioner interviews conducted by the Council led to the identification of nine practices that the most successful leaders have in common. Interviews were asked questions related to their top organizational risks, business alignment and drivers, internal influence issues and senior management's view of Security. During the resulting qualitative analysis, it became clear that the interviewees with highly successful, internally recognized security programs had several things in common.
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Not Following Established Policy Tops List of Most Significant Threats to Information Protection
Created By: Security Executive Council
An advance release of a summary of research conducted by Kennesaw State University CISE in partnership with the SEC reports that the most significant threat from internal sources was the inability/unwillingness to follow established policy. This was followed by disclosure due to insufficient training.
 
Operational Excellence in Contract Security Performance Measurement
Created By: George Campbell, Security Executive Council Emeritus Faculty
George Campbell, an expert in operational security metrics has just completed a report on applying an operational excellence methodology to contract security services. This report contains real-life experience-proven examples of value enforcing KPIs to apply to contract security SLAs. If you have any interest in getting optimal value out of contract security services this is the one report you cannot ignore.
 
Persuading Senior Management with Effective, Evaluated Security Metrics
Created By: Security Executive Council
ASIS just published their well funded survey of available literature on measures and metrics. The most often referenced original material in the report came from the Security Executive Council (SEC). The ASIS publication makes clear to those in the know that the SEC has been leading the industry in research on corporate security measures and metrics for the last ten years.
 

Proven Solution Innovation Case Study: Persistent Background Screening Improves Compliance and Exception Reporting

Created By: Security Executive Council
This Solution Innovation Case Study offers a proven process approach for mitigating risk(s) that could result in injury or impairment of people, assets, critical processes, products and/or brand reputation.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Security Barometer - Centralized Risk Repository
Created By: Security Executive Council
A centralized repository of risks provides a robust foundation for an effective risk management program. This latest Security Executive Council quick poll covering centralized risk repositories shares some enlightening results.
 
Security Barometer Results - How Much Effort is Spent on Building People Networks for the Benefit of Security
Created By: Security Executive Council
In our ground breaking research summarized in "The Roadmap for Security Leadership Success" we highlighted 10 important decisions successful leaders make; one of these is the importance of building the right relationships both within and outside the organization. In these Security Barometer results we wanted to investigate how our readers are working on building their network for the benefit of their security programs.
 
Security Barometer Results - What Leadership Practice is Most Important to Your Success
Created By: Security Executive Council
Our community comprises many individuals who are recognized in the industry as highly successful security leaders. Because they have allowed us access to their time and insights, the Security Executive Council was in a unique position to uncover and identify similarities that contribute to strong performance. A series of in-depth interviews led us to identify nine practices that the most successful leaders have in common.
 
Security Barometer Results: Are Security Practitioners Using Twitter for Business?
Twitter apparently is being used by some people but we wanted to know if risk management practitioners were using twitter for business purposes. We are sharing some good feedback that might be of interest to you as you consider if and how Twitter might play a role in your risk management programs.
 
Security Barometer Results: Are You Fairly Compensated?
In this security barometer quick poll we wanted examine to what extent the economy was affecting compensation. However we found something more enlightening in the commentary about why respondents felt the way they did. See how your peers responded here.
 
Security Barometer Results: Centralized Risk Repository
A centralized repository of risks provides a robust foundation for an effective risk management program. While 90% of respondents felt a central repository was valuable less than half had one. See more about results of our poll here.
 
Security Barometer Results: If You Had Three Wishes
If you could have anything you wanted for your risk management program what would it be? In this quick poll we wanted to find out what elements would add the most value to security leaders and their teams.
 
Security Barometer Results: Impact Of Terrorism Arrests on Security
We created this Security Barometer quick poll in the aftermath of the U.S. the terrorism arrests that occurred in New York and Denver in September 2009 to find out if business executives saw any connection between these events and the long term health of their own organizations.
 
Security Barometer Results: Mexico Drug Decriminalization
Will the recent changes in drug laws affect you? A common theme from respondents was their concern regarding transportation and cargo. Even if your organization does not have facilities in countries with lax drug laws you may want to give thought to the risks in your supply chain.
 
Security Barometer Results: Security Hiring Practices and Security Diversity
Created By: Security Executive Council
There has been a lot of attention in the news devoted to social media's effects on job recruiting. While few would argue the benefits of using social networks to obtain job candidates this Security Barometer strives to provide more information on how effective social networks are currently performing.
 
Security Barometer Results: Security Program Maturity Models
Created By: Security Executive Council
Maturity models are a framework that can be used to benchmark processes and procedures against clearly defined best practices. This Security Barometer quick poll asked security practitioners to self-assess their security programs using the framework created by the Software Engineering Institute at Carnegie Mellon University.
 
Security Barometer Results: The Security Executive's Tenure
The Security Executive Council set out to gather some information about why leaders in the security and risk mitigation field have been dismissed from their jobs.
 
Security Barometer Results: Top 5 Security Risks To Your Organization
As organizations become leaner and more agile the management of security risks becomes more important than ever in protecting the value being built. It is becoming imperative that all business functions maintain focus on the tasks that really matter to the organization. See what risk management executives are focusing on now.
 
Security Barometer Results: What Business Journals are Security Practitioners Reading?
Keeping a close watch on the economic and business trends buffeting your organization is a critical prerequisite for truly understanding how your team supports your organization's goals. In this poll we wanted to get an idea what business journals security practitioners were reading to keep up with those business trends.
 
Security Barometer Results: What is Putting Your Continued Employment at Greatest Risk?
Overall the results demonstrate that the risks to continued employment that security and risk management executives face are as diverse as the organizations they represent. These risks are largely determined by the state of your organization's perception of the need for security and its unique culture, or what we call "organizational readiness".
 
Security Barometer Results: What is the Most Popular Business Continuity Standard?
Created By: Security Executive Council
In this Security Barometer quick poll we wanted to find out what business continuity standards security leaders were using when developing their programs. As shown ISO 22301 was chosen more often by the respondents of the poll. However, surprisingly 30% stated that they do not benchmark their business continuity program against a standard.
 
Security Barometer Results: Where do you go for information about your day-to-day operational needs?
These results include the top eight resources sought out by risk management practitioners as well as examples of the type of information being requested.
 
Security Barometer Results: Which Educational Background Does Your Management Value More?
Created By: Security Executive Council
In this Security Barometer poll we wanted to investigate what our community felt their management was looking for in educational background for security and risk mitigation employees.
 

Security Budget Research Report

Created By: The Security Executive Council
This is an analysis of data collected from survey of security program budgets that was conducted by the Council January 2009. This report, available to Council members, provides detailed information on the changes in budgets over the past two fiscal years segmented by industry as well as budget category. In addition the report provides a list of some of the creative efforts that security executives are undertaking to counter the effects the economy is having on their security programs.
     Click here to view a short video describing this resource in more detail.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only

Security Budget Research Report: Impact of the Economic Downturn
Executive Summary

An executive summary of the results of a survey was sent to qualified security practitioners (over 85% at the director level or above) to gather information on the state of their security budgets and to assess any impact the economic downturn has had on their programs.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only

Security Executive Council Trend Report: Benefits and Risks of Web 2.0 in the Enterprise

Created By: Security Executive Council
Enterprises are adopting Web 2.0 applications in increasing numbers to improve communication and workflow within their businesses and to improve relationships with clients. Businesses employing such applications must be prepared to face the risks that accompany it.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Security Measures and Metrics
Created By: Security Executive Council
Are you trying to benchmark any of these programs? Background screening, Guard force, Investigations, IT security, Physical security, Workplace violence, Other security programs…

Are you often asked to calculate the cost of security? Get access to this information by joining the Security Leadership Research Institute. It is free to join; all it takes is a small amount of your time.

 

Security Performance Measures and Metrics

Created By: Security Executive Council
A total of 156 survey participants, including Security Executive Council (SEC) Tier 1 Leaders, answered questions about performance measures security practitioners are using in this benchmark.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Security Title Benchmark: Survey Report
Created By: Security Executive Council
Based on a Security Executive Council Survey of 415 respondents between September 26 and October 20, 2005.
Click to download PDF file
171KB
Security's Most Meaningful Metric
Created By: Security Executive Council
These are the results of a security barometer quick poll the Security Executive Council conducted asking what would be the single most meaningful metric for the security function.
 
The Benefits and Security Risks of Web-Based Applications for Business, 1st Edition
Created By: Kathleen Kotwica, Ph.D., EVP and Chief Knowledge Strategist, Security Executive Council
Many companies see value in using Web 2.0 apps to increase market reach or collaboration at a lower cost. Can these applications be misused? Certainly, but not unlike any other outlet that lets employees socialize or conduct personal business while on company time. The following report explores some of the current thinking and research on the topic.
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
    
Click here to view a short video describing this resource in more detail.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
The Biggest Challenge to the Success of Security Programs
Created By: Security Executive Council
This Security Barometer offered a tough question to answer. There are many possible challenges to the success of security programs but in this security barometer the respondents had to choose the single one they felt was the most significant.
 
The Effect Organizational Culture has on Security
Created By: Security Executive Council
In this security barometer we examining whether the organization you work for is hindering or helping you achieve your risk management objectives.
 
The Importance of Security's Brand Image
Created By: Security Executive Council
Some people think that security is doing their ultimate job when their peers within the organization do not know that security is there. There is a certain logic to this. If there is no cyber breach, if there is no incident of violence, if material has not been stolen from the grounds then we must be doing a good job and if we are doing a good job people will notice. Right? Wrong.
 
The Roadmap for Security Leadership Success
Created By: Security Executive Council
This thought leader paper and series of podcasts is the result of ten years worth of working with security practitioners. Our research identified 10 common practices that highly accomplished security leaders exhibit. Also, listen to SEC subject matter experts provide their thoughts on executing the 10 practices.
 
The Roadmap for Security Leadership Success Interviews, Practice #5 - Focus on Leadership Issues
Created By: Francis D'Addario, Security Executive Council Emeritus Faculty
Kathleen "K2" Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council (SEC), interviews Francis D'Addario, SEC Emeritus Faculty and former CSO of Starbucks Coffee. The discussion delves into one of the 10 Roadmap for Success practices - the importance of focusing on leadership issues.
 
The Roadmap for Security Leadership Success Interviews, Practice #9 - Recognize your organization is different from any other, even from peer companies
Created By: Richard Lefler, Security Executive Council Executive Board of Advisors and Dean of Emeritus Faculty
Kathleen "K2" Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council (SEC), interviews Richard Lefler, SEC Emeritus Faculty and former Vice President of Worldwide Security for American Express, on one of the 10 Roadmap for Success practices - the importance of recognizing each organization is different from any other and how this affects how the security leader should develop his or her risk mitigation program.
 
The Successful Security Practitioner’s Top to-Dos
Created By: Security Executive Council
This document is a concise summary of the key elements you need to know before starting any new role or program. These practices have been identified by the Security Executive Council through our work with some of the leaders of the world’s most sophisticated and accomplished security programs.
 
The Top Action to Combat Insider Threat
Created By: Security Executive Council
How Many Organizations Have A Formal Insider Threat Program? What was voted the most important action to combat insider threat? This SEC Security Barometer polled security practitioners to answer to these and more questions on insider threats. Insiders, malicious or not, are frequently cited as one of the top risks to organizations. This poll reveals some interesting observations from your peers.
 
Thought Leader Report Identifying Practices Common to Successful Security Leaders
Created By: Security Executive Council
A series of in-depth interviews with a large number of security leaders led us to identify practices that the most successful leaders have in common.
 
Threats to Information Protection
An early release summary of "Threats to Information Protection 2015" provides a glimpse into the results of extensive research performed by Kennesaw State University's Center for Information Security Education (CISE) in partnership with the SEC. The summary material briefly covers the top ranked general, internal, and external threats to information protection. The research also investigated trends in staffing, changes in attack patterns and high risk technologies.
 
Top Security Risk to Organizations Today - 2015
Created By: Security Executive Council
Results of this Security Barometer peer quick pool show Cyber Crime followed by Insider Threat were the top two most selected responses. See the rest of the threats in order of top concerns and the comparisons of poll answers over the years.
 

Trend Research Report: Foreign Corrupt Practices Act (FCPA) Due Diligence

Created By: Security Executive Council
A report on third party due diligence related to FCPA activities according to current research. Findings are from sources such as audit and law firms and other associations that represent many multi-national/global companies. Report developed to educate senior management and other internal stakeholders (e.g., peers) on what a third party due diligence program as it relates to FCPA may encompass.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Trend Research: Bring Your Own Device (BYOD) To Work
Created By: Security Executive Council
This resource was developed based on a Tier 1 Leader and their IT colleague looking at productivity around the topic of BYOD to work (e.g., if I had my own phone or computer (e.g., Apple brand device) I could increase my productivity.) The research was then expanded to include further information on what peer corporations are doing in this area (e.g., pros, cons, must haves, challenges, risks and liabilities).
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Trend Research: Comprehensive Business Continuity Programs
Created By: Security Executive Council
This compilation of publicly available information, Council research and observations on business continuity is intended to supply background to use to assist in developing a business continuity program or weighing the effectiveness of an existing program.
A Tier 1 Leader item available for purchase. Visit our store.
     Click here to view a short video describing this resource in more detail.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Trend Research: Crisis Management at the Speed of the Internet
Created By: Security Executive Council
This report that sheds light on the rapidly changing nature of threats on the Internet and how companies, with Security’s help, can respond strategically. It provides examples of companies that have faced threats to their brands and how they have responded; strategies to prepare ahead and help to mitigate the effects when a crisis occurs and explores the broader need for a comprehensive communication and crisis management plan that incorporates the dynamic nature of the Internet.
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
     Click here to view a short video describing this resource in more detail.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
Using Twitter for Business Purposes
Created By: Security Executive Council
In this security barometer the Council wanted to get an idea of how Twitter is being used for business purposes among our risk management leaders. We are sharing some good feedback that might be of interest to you as you consider if and how Twitter might play a role in your risk management programs.
 
What Are Your Peers Working On?
Created By: Security Executive Council
This list is a recent snapshot from the SEC's project management tool to show you the kinds of things your peers are working on. It also helps answer the question – what exactly does the SEC do? While this is not a complete list of all the ways we have partnered with security leaders like you, it may help you identify ways you can enhance your security programs as well as your career.
 
What Are Your Peers Working On?
Created By: Security Executive Council
Here is a short excerpt of some of the projects the SEC has been working on for your peers. Give it a quick scan and compare it with what you are doing in your organization.
 
What Benchmark Data Do You Want?
Created By: Security Executive Council
A recent Security Barometer polled a large number of security practitioners to gather a list of benchmarking metrics they desired. It also investigated the top reasons why people want to benchmark their programs and services.
 
What is the Most Important Characteristic of an Outstanding CSO/CISO?
Created By: Security Executive Council
It may be no surprise that "relationship building" was selected as the most important characteristic of an outstanding CSO/CISO. Strong relationships assist in many ways from promoting ideas and learning from others to building bonds that become beneficial when crises emerge. Relationship building is crucial to being able to work efficiently within an organization. In his recent Faculty Advisor blog Security Executive Council emeritus faculty member David Quilter pointed out when it comes to gaining knowledge about the business, "...[the] focus has to be on building relationships with your leaders."
 
What the C-Suite is looking for When Hiring Risk Managers
Created By: Security Executive Council
As demonstrated in a recent survey, corporate executives are expecting their leaders of risk management to have a strong understanding of the company’s business and industry. They also wanted these leaders to have a strategic view of risk and risk management. In addition they wanted their risk managers to have a broad-based operational perspective.
 
Where Does All the Time Go?
Created By: Security Executive Council
In this Security Barometer we are investigating where security and risk management practitioners are spending their time. How do the results shown below compare to your own time management practice?
 
Who Owns Investigations?
Created By: Security Executive Council
If you are like many organizations there are probably some types of investigations where two or more business units claim to own or lead. This is what we call "investigative confusion". If you want to bring investigations under your department or just want to address investigative confusion this paper will help you get started.
 
Why Focus on Business Reputation Risk?
Created By: Security Executive Council
In a recent Security Executive Council (SEC) Security Barometer poll we found the one thing that security practitioners felt would most help their department and career is to become more involved with the business side of the organization. To achieve that goal successful risk managers must demonstrate a thorough understanding of what is important to senior executives.
 
Why You Should Conduct Confidence Surveys
Created By: Security Executive Council
The Security Executive Council (SEC) has conducted extensive research and analyzed what makes programs successful. Based on this work there is a particular kind of survey the SEC has been recommending recently, what we call confidence surveys, which are used to assess the level of confidence the organization has in your programs and services. One of the things our research has shown is that leaders of successful security risk mitigation programs know how familiar internal customers are with their services and how they feel about them.