Leadership Solutions

Security Metrics: How to Get Started with Security Metrics


How to Use Metrics
CSOs generate security data every day. Knowing what to look for and how to analyze it can spell success for a security operation and the organization it serves.

Measure Your Metrics
Why measure, why metrics? The fact that established metrics for the full range of security programs are few and far between tells a story about the historical disconnection of these functions from the core businesses they serve. We all know how the risk environment has changed over the past few decades with wake-up calls to Boards and senior management.

It's Time to Get Security Metrics Savvy
Every business manager needs to develop and deliver programs and services that demonstrate measurable results, whether good or bad, positive or negative — and that includes security.

Who's Accountable for Metrics?
Where does accountability lie for the maintenance of a proactive measurements and metrics program? The answer is that it is shared up and down the organization, but the CSO is the initiator who must design and sell the program up and down the chain of accountability.

What's State-of-the-Art in Security Metrics?
Think about what metrics you should follow in your organization and why you think they are important for the senior management team and have an answer ready when the boss asks what kind of metrics you have in the can.

Accuracy & Integrity: Essential Metrics Characteristics
We must have accuracy and integrity in our use of data and statistics, or we will undermine our initiatives, our programs and our own standing with senior management. Here are five components of a reliable system for managing metrics-relevant data.

Building a Metrics Program that Matters
In a 2007 Security Executive Council survey, nearly 70 percent of respondents stated that they do not collect security program metrics for the purposes of presenting to senior management.

Security Metrics in Context
Why go through the trouble of applying metrics to your program? George Campbell explores this question in his book, Measures and Metrics in Corporate Security. In this exclusive excerpt, Mr. Campbell describes how metrics improve security's chances for success in various contexts.

Delivering Meaningful Metrics
If security continues to mature as a business function, senior management will likely ask for a set of metrics to measure performance. Security leaders should prepare meaningful metrics that inform management and improve security effectiveness.

Good Metrics Tell a Story
Good metrics demand a story. The story reveals the lesson, the learning from the conclusions drawn by analysis of the data. Like any good story, you have to know your audience and select your theme to connect with their frame of reference.

A Guide for Building Your Corporate Security Metrics Program
Consider this: You can't manage well without measuring well. This short guide will set forth a set of steps that security managersshould use in building a basic metrics program.

A Preview of Measuring & Communicating Security's Value: A Compendium of Metrics for Enterprise Protection
This book picks up from where "Measures and Metrics in Corporate Security" left off. It builds on what you learned with real world, practical examples that may be considered, applied and tested across the full scope of the enterprise security mission.

Building a Security Measures and Metrics Program, Parts 1-7
Metrics provide invaluable insight on program effectiveness, the means to influence business strategy and policy, and the ability to demonstrate the value of security services to business leaders.


Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.

Copyright Security Executive Council. Last Updated: March 15, 2019