Research, Studies and Whitepapers
Most Read
Most Emailed
E-mail Article
Print Article
Measuring the Business Value of Security
The Security Executive Council weighs in on why security metrics are important to your jobSecurityInfoWatch.com
The Security Executive Council (SEC) recently completed an online survey which queried respondents on how they used metrics (the survey also reviewed workplace violence). While the full research is not public (SEC members have access, as well as those who participated in the survey), the Council did note that they found that only 31 percent of the respondents "gather security program data in order to create statistical reports to present to senior management." Conversely, the council notes that all of its members report that they use such data in their reports.
Faced with such an alarming statistic (and the disparity between SEC members and the general security public), SecurityInfoWatch.com caught up with Security Executive Council's Bob Hayes and Kathleen Kotwica to shed some light on what it means to report security metrics.
SecurityInfoWatch: Should this 31 percent statistic be a wake-up call to security managers to start collecting data?
SEC: Yes, it should be more than a wake-up call that 67 percent said they don’t collect information -- it should be an alarm. When you look beyond the statistics to see what people reported as the reasons for not collecting data, you see that a large percentage didn’t collect data because management hadn’t asked for it. That should be an alarm to security managers, because it may mean management isn’t even aware that security has metrics that may impact the business, or it may mean that security is being left out of the mainstream of the organization. Respondent comments also indicated that some security managers don’t know what metrics are or how they should gather or report metrics, and that will require some training and education. And some of the responses seemed to show that other security managers feel that collecting metrics is more work than they want to do, and that is definitely a wake-up call. If your management has an interest or develops an interest in this area, you’d better be ready to respond.
Participate in a Security Executive Council Survey
New research survey examines role of security, reporting to management, IT protections• Preview the survey questions
• Take the actual survey
Respondents who take this month’s survey and SEC members will receive free benchmark data via e-mail once the responses reach critical mass.
Additionally, should businesses without a dedicated security department (or those that might simply hire out "security" to a guard services company) be collecting this data?
