Defining the Value of Security's Accomplishments
Arguably the most common challenge among security leaders is being able to communicate the value that risk management services and programs bring to the organization.
Security's Balanced Scorecard
The balanced scorecard was originally developed as a business strategic planning and management system. It can be adapted for use by Security. A key element of the balanced scorecard technique is to include both financial and non-financial performance measures. To get started, answer the questions in the chart for Security at your organization.
Internal Customer Value Analysis
This is an analysis of who values your services and why. Why is this important?
Connecting Board-Level Risks to Security Mitigation
Of particular importance when communicating with the C-Suite is relating mitigation to the corresponding board-level risks. This chart shows an example of grouping the security program strategy/mitigation with the business areas that own the security risk and ultimately with the board-level risk category.
Preparedness & Competence = Anticipated Value
This chart helps to relate the elements of preventative/detective and responsive/recovery measures to potentially significant business interruptions or events. The core idea is that expected value derived from Security is the result of the preparedness and risk mitigation competency of the organization.
For more information on the value of security's accomplishments see Demonstrating Value: Measuring Value
Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.
Copyright Security Executive Council. Last Updated: July, 2018
You can download a PDF of the information shared on this page here: