Insight on Security Metrics

The SEC’s perspectives on KPIs and business alignment.

Filter by

Insight on Security Metrics

The Risks of Outsourcing Information Security

Don't overlook the risks that accrue due to the loss of effective business controls over sensitive activities, particularly those associated with information infrastructure and vital information assets.
Click for more details
Insight on Security Metrics

Business Alliances and Security's Due Diligence


These are eight factors that the security organization should consider in its evaluation of a prospective business alliance.
Click for more details
Insight on Security Metrics

Threat Assessment: Measuring Likelihood

When you think about security threats to your business, which do you think are likely to manifest? What are the probabilities of a specific type of event occurring at a particular location? How do you convey your concerns to management without sounding like Chicken Little yelling that the sky is falling?
Click for more details
Insight on Security Metrics

Neglect and Apathy – Your Worst Enemies

Risks become avoidable when we put effective safeguards in place to counter them. They become inevitable when we fail to do our jobs — that is, when we disable or fail to enable essential security measures. Let’s look at a large retail chain as one example.
Click for more details
Insight on Security Metrics

Incident Analysis Identifies Business Practice Risk

Knowledgeable insiders are a serious threat to an organization, since they live inside protective measures. They have a unique understanding of the company's vulnerabilities and know how to use them to their own advantage.
Click for more details
Insight on Security Metrics

Increase Influence and Protection through Proactive Risk Assessments

We security professionals cannot sit back and wait for an incident to happen. We are paid to anticipate risk and engage in preventative activities that will eliminate hazards or minimize the impact on business operations and employee safety.
Click for more details
Insight on Security Metrics

Build a Risk Indicator Dashboard

Objective: Provide a single display of the key information a manager needs to monitor a set of measures and effectively communicate the status of those measures.
Click for more details
Insight on Security Metrics

The Risk-Aware Organization

Security practitioners often equate security awareness programs with posters in break rooms, intranet alerts and informative brochures on the risk of the month. While these media serve a useful purpose, Security’s risk awareness strategy must be significantly more disciplined and structured than a periodic communication exercise.
Click for more details
Insight on Security Metrics

A Risk Quantification Process

Having a list of security-related business risks and their associated countermeasures is an essential part of the risk management process.
Click for more details