Measuring Your Security Department
AN INSIGHT INTO SECURITY METRICS
How Do We Enable the Business?
Security professionals often like to talk about security being a “business enabler”. The idea is a sound one: good security helps businesses function more effectively. (And, conversely, bad security can get in the way.) But if we’re not careful, this talk about “business enabler” can be just that -- empty talk, that doesn’t signify anything that the people managing a business really care about.
There needs to be something to support this idea. It needs to be more than just a slogan or bumper sticker. As security professionals, we need to be able to explain how security is a business enabler, and be able to show that security programs are enabling the business to function more effectively, more efficiently and more successfully.
To do that requires using security metrics. When I use these words in speaking to security managers or corporate security directors, I often get one of two reactions. Sometimes, it’s a blank stare. “Security metrics” may as well be ancient Greek -- it just doesn’t have meaning for someone trying to manage a security program on a day-to-day basis. Other times, it’s a look of sheer intimidation. “Security metrics” is meaningful, and the importance is understood, but there’s a deeper worry. That they just don’t know enough about security metrics to use them.
The end result is usually a quick change in topic, or an end to the conversation.
To read the rest, please download the PDF here (PDF 437.8 KB).
You can learn more about G4S Risk Consulting here.