Leadership Solutions

Security's Most Meaningful Metric

In a recent security barometer quick poll we asked what your peers think would be the single most meaningful metric to have for their security function.

security barometer results chart

Some example entries from the "other" category were: ROI, cost avoidance through services rendered, policy conformance percentage, and shrink reduction.

This was a very popular survey - which is a good thing as it means you are interested in something that is critical for any mature security program. However, one thing we know from our experience assisting hundreds of security teams with their security metrics programs is that a lot of teams have not implemented a metrics program or are only counting things and not telling a value story with their metrics.

Here are a number of resources that may help you start up or enhance your security metrics program:

Enterprise Security Metrics: A Snapshot Assessment of Practices

This report provides a snapshot of the use of metrics in corporate security management. It includes information on the current state-of-the-art of various models of benchmarking and security metrics, types of metrics, judging the maturity of security metrics programs as well as challenges and opportunities for those undertaking security metrics programs. This report specifically summarizes our learned experience from corporate security measures and metrics initiatives:
Click here to access "Enterprise Security Metrics: A Snapshot Assessment of Practices"

article cover image

Benchmarks Aren't Magic, They're Tools

This brief article helps you identify potential hidden issues when benchmarking your processes or performance metrics with similar companies.
Click here to access: Benchmarks Aren't Magic, They're Tools

article cover image

Measures and Metrics in Corporate Security

Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book shows how to improve security’s bottom line and add value to the business. It provides a variety of organizational measurements, concepts, metrics, indicators and other criteria that may be employed to structure measures and metrics program models appropriate to the reader’s specific operations and corporate sensitivities.
Click here to access: Measures and Metrics in Corporate Security

article cover image

Measuring Key Performance Indicators

You have multiple objectives to satisfy your stakeholders and accomplish your longer-term strategy and annual security plan. Key Performance Indicators provide an effective monitoring tool to measure your progress.
Measuring Key Performance Indicators

article cover image

How to Use Metrics

This article provides a few examples of the ways CSOs can think about the data they collect as part of their security operations and identifies what is important to measure, and how to communicate with senior business executives about what the data indicates about their organization's risk environment and how it's being managed.
Click here to access: How to Use Metrics

Looking for More?

The Security Executive Council leads the industry with experts that have successfully guided security metrics programs in some of the world’s most respected organizations. If you are looking to build or enhance your security metrics program, contact us to find out more about how metrics can help gather the recognition you and your programs deserve.