Security Metrics
0 likes326 views
This document discusses the importance of security metrics for measuring performance. It states that security programs will be measured with or without metrics, so having metrics is good management. It explains that security functions have historically been disconnected from core businesses, but with increased risks, corporations now require security organizations to measure performance and demonstrate contribution to the bottom line through metrics. Finally, it recommends that the Chief Security Officer have a dashboard of around half a dozen key metrics that are regularly monitored, such as issues relevant to their industry or concerns of management.
Security Metrics
- 1. Security Metrics PLN9 Security Services Pvt. Ltd. Complete Security Solution In Association With Tyco © COPYRIGHT PLN9 SECURITY SERVICES PVT. LTD. ALL RIGHTS RESERVED
- 2. Security Metrics of Performance Security metrics are not about numbers; they are about performance. Unless you have the intestinal fortitude to adequately plan and execute a program to legitimately measure how well specific security programs are delivering on their objectives -- and stand the heat from the answers you may get -- you likely are not going to benefit from this discussion. But your programs will be measured with or without you. Having the answers is just good management.
- 3. Why Measure, Why Metrics? The fact that established metrics and measures for the full range of security programs are few and far between tells a story about the historical disconnection of these functions from the core businesses they serve. The risk environment has changed significantly over the past 30 years with shocking wake-up calls to CEOs, Boards and shareholders. Attentive corporations have had to address the exposures uncovered in these times with more sophisticated and mainstream corporate security organizations. With this mainstreaming comes the need (obligation) to measure performance and demonstrate contribution to the bottom line. Metrics are a natural descendant of this process.
- 4. The CSO Dashboard Every Chief Security Officer should have half a dozen dials that are watched on a regular basis. These indicators could be “survival metrics”- the hot buttons you are expected to address or those few dials that monitor selected wellness indicators unique to your organization or of particular concern to management. If you are in financial services, you might be particularly attuned to the number of business units with dated contingency plans and inadequate software patch administration, internal misconduct or numbers or people hired with known derogatory backgrounds. The CFO may be an excellent resource to advise on the presentation of dashboard metrics since this officer typically reports performance metrics to management on a regular basis.
- 5. Thank you