Leadership Solutions

Persuading Senior Management with Effective, Evaluated Security Metrics

ASIS just published their well funded survey of available literature on measures and metrics. The most often referenced original material in the report came from the Security Executive Council (SEC). The ASIS publication makes clear to those in the know that the SEC has been leading the industry in research on corporate security measures and metrics for the last ten years.

You can access the SEC material that was referenced in the ASIS publication as well as new original SEC research on security metrics all from this page. However the SEC goes beyond security metrics research. Our teams have successfully assisted many organizations with building and refining their metrics programs. One project even resulted in the first ever corporate security academic case study available for schools educating future security leaders. If you are interested in learning more about how the SEC can help you with your security metrics program contact us.

If you are looking for actionable information on security metrics that have been used by security practitioners to measure and support their programs one place is the book referenced in the ASIS publication:

Measures and Metrics in Corporate Security: Communicating Business Value

  • The book describes the basic components of a metrics program, as well as the business context for metrics
  • Provides guidelines to help security managers leverage the volumes of data their security operations already create
  • Identifies the metrics security executives have found tend to best serve security’s unique (and often misunderstood) missions
  • Includes 375 real examples of security metrics across 13 categories

Click here to find out more and to get your copy of Measures and Metrics in Corporate Security: Communicating Business Value



Here is new research on metrics in corporate security not included in the ASIS publication:


Enterprise Security Metrics: A Snapshot Assessment of Practices


This report provides a snapshot of the use of metrics in corporate security management. It includes information on the current state-of-the-art of various models of benchmarking and security metrics, types of metrics, judging the maturity of security metrics programs as well as challenges and opportunities for those undertaking security metrics programs. This report specifically summarizes our learned experience from corporate security measures and metrics initiatives:
Click here to access "Enterprise Security Metrics: A Snapshot Assessment of Practices"


Just Published - The SECs new book authored by George Campbell titled Measuring & Communicating Security’s Value, A Compendium of Metrics for Enterprise Protection


This book picks up from where "Measures and Metrics in Corporate Security: Communicating Business Value" left off. It builds on what you learned with real world, practical examples that may be considered, applied and tested across the full scope of the enterprise security mission.
"Measuring & Communicating Security’s Value" covers:
  • The why, what and how of a security metrics program
  • Risk reporting to influence corporate policy and behavior
  • The ability to influence as a key performance indicator
  • Metrics in partnership with core business strategy and process
  • Building metrics for impact and results
  • Hundreds of examples of metrics proven through real world use

Also included in the book is a metrics program maturity self-assessment tool and a proven six step process for implementing a security measures and metrics program.

Click here for more information and to view a sample of the book.


Get Your Corporate Security Benchmarks Here: The Security Leadership Research Institute Benchmark Study is Now Underway


This is the only free benchmark run by an organization that not only knows the security and risk management industry inside and out but also exists for the benefit of the organizations participating in the benchmark. An update to the most comprehensive security and risk management benchmark in the security industry is now being conducted by the SEC's Security Leadership Research Institute. There is no cost to participate and the resulting in-depth analysis and report will only be made available to those that participate in the benchmark - so participate now and join the hundreds of other companies being included in the upcoming report. Click here to find out more about the benchmark as well as how to participate.


Click here to view other books the SEC has published.