Leadership Solutions

Security Metrics: Specific Examples


Determine the Exploitability of Selected Defects
Objective: To estimate the probability of loss in areas of concern, given known vulnerabilities.

Build a Risk Indicator Dashboard
Objective: Provide a single display of the key information a manager needs to monitor a set of measures and effectively communicate the status of those measures.

Create a Business Unit Scorecard
Objective: To assess the security of various business units and effectively communicate our findings and recommendations to business leaders.

Create a Measures Map
Objective: To visually convey our understanding of and response to a risk event, to show how that risk links to applicable metrics, and to demonstrate that measures are being taken to mitigate future risk.

Gain Support by Illustrating Security's Response Time
We hear a lot about first responders. In the proactive security organization, our security operations teams are the ones that get the initial emergency call and move to assess it and respond from within. Is your organization up to the test of that call?

Tracking Leading and Lagging Indicators
Senior management and analysts in the businesses we serve are constantly tracking and evaluating a host of economic and programmatic indicators to provide alerts on changes in market conditions that need to be addressed.

Leading Indicators
A leading indicator signals a future event — it measures the current state of the market or the business, as well as the future state, in the form of already planned or projected changes. In our world, leading indicators signal future risk of security-related events.

Be a Learning Organization
Do you routinely dig into your incidents to identify the root causes and pass on the learning to those who need to know? If not, plan on logging more of the same and documenting allegedly smart people repeating their mistakes — or worse.

Demonstrate a Need for Stronger Background Vetting
A comprehensive background investigation program is critical to the health and integrity of any enterprise and the quality of internal and external background vetting is critical.

Working with Customers for Better Access Control
Access management is a core safeguard. Understand the range of risks driving this set of safeguards and work with your customers to tailor the protection strategy for results.

Nuisance Alarms Are More than a Nuisance
Frequent false alarms are not only a nuisance but could result in a lack of confidence by first responders who may start to distrust the validity of a call to that location, as well as cause additional costs to the company.

What is a Reportable Security Violation in Your Organization?
Security is a key player in the governance of internal controls. How serious is the notion of compliance in your company?

Security Issues in Leased vs. Owned Property
Whether a company owns or leases properties for its various operations often depends on cost and logistics, but risk should also be considered.

What is the Cost of a Bad Employee
Even a single insider incident can rise to the level of a serious crisis. the time involved in resolving an insider misconduct case resulting in termination for cause is one small aspect of reputational risk.


Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.


Copyright Security Executive Council. Last Updated: October 14, 2018