In a recent security barometer quick poll we asked what your peers think would be the single most meaningful metric to have for their security function.
Some example entries from the "other" category were: ROI, cost avoidance through services rendered, policy conformance percentage, and shrink reduction.
This was a very popular survey - which is a good thing as it means you are interested in something that is critical for any mature security program. However, one thing we know from our experience assisting hundreds of security teams with their security metrics programs is that a lot of teams have not implemented a metrics program or are only counting things and not telling a value story with their metrics.
Here are a number of resources that may help you start up or enhance your security metrics program:
Enterprise Security Metrics: A Snapshot Assessment of Practices
This report provides a snapshot of the use of metrics in corporate security management. It includes information on the current state-of-the-art of various models of benchmarking and security metrics, types of metrics, judging the maturity of security metrics programs as well as challenges and opportunities for those undertaking security metrics programs. This report specifically summarizes our learned experience from corporate security measures and metrics initiatives:
Enterprise Security Metrics: A Snapshot Assessment of Practices
Benchmarks Aren't Magic, They're Tools
This brief article helps you identify potential hidden issues when benchmarking your processes or performance metrics with similar companies.
Benchmarks Aren't Magic, They're Tools
Measures and Metrics in Corporate Security
Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book shows how to improve security’s bottom line and add value to the business. It provides a variety of organizational measurements, concepts, metrics, indicators and other criteria that may be employed to structure measures and metrics program models appropriate to the reader’s specific operations and corporate sensitivities.
Click here to access: Measures and Metrics in Corporate Security
Measuring Key Performance Indicators
You have multiple objectives to satisfy your stakeholders and accomplish your longer-term strategy and annual security plan. Key Performance Indicators provide an effective monitoring tool to measure your progress.
Measuring Key Performance Indicators
How to Use Metrics
This article provides a few examples of the ways CSOs can think about the data they collect as part of their security operations and identifies what is important to measure, and how to communicate with senior business executives about what the data indicates about their organization's risk environment and how it's being managed.
How to Use Metrics
Looking for More?
The Security Executive Council leads the industry with experts that have successfully guided security metrics programs in some of the world’s most respected organizations. If you are looking to build or enhance your security metrics program,
contact us to find out more about how metrics can help gather the recognition you and your programs deserve.