Measuring and Communicating Security's Value
A Compendium of Metrics for Enterprise Protection
- 1st Edition - March 28, 2015
- Author: George Campbell
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 8 0 2 8 4 1 - 4
- eBook ISBN:9 7 8 - 0 - 1 2 - 8 0 2 8 4 3 - 8
In corporate security today, while the topic of information technology (IT) security metrics has been extensively covered, there are too few knowledgeable contributions to the si… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteIn corporate security today, while the topic of information technology (IT) security metrics has been extensively covered, there are too few knowledgeable contributions to the significantly larger field of global enterprise protection. Measuring and Communicating Security’s Value addresses this dearth of information by offering a collection of lessons learned and proven approaches to enterprise security management.
Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book can be used in conjunction with Measures and Metrics in Corporate Security, the foundational text for security metrics. This book builds on that foundation and covers the why, what, and how of a security metrics program, risk reporting, insider risk, building influence, business alignment, and much more.
- Emphasizes the importance of measuring and delivering actionable results
- Includes real world, practical examples that may be considered, applied, and tested across the full scope of the enterprise security mission
- Organized to build on a principal theme of having metrics that demonstrate the security department’s value to the corporation
Chapter 1. Metrics Management—It is Not About the Numbers
- Introduction
- Metrics Program Assessment
- Building Your Program
- Great Data, Great Opportunity but Bad Presentation!
- What is the State of the Art in Corporate Security Metrics?
- Benchmarking Your Metrics with Peers
- Finding Value in Security Benchmarking
- Benchmarking Security Metrics Programs
- Summary
Chapter 2. Quantifying & Communicating on Enterprise Risk
- Introduction
- Managing Enterprise-Wide Board Risk
- Operating the Radar and the Relevance of “What If”
- Identifying Exploitable Security Defects in Business Processes
- Focus Your Metrics on Avoidable Risk
- Measuring the Impact of Background Investigations
- Tracking Preventable Risk
- Identify and Advertise the Causes of Loss
- Measuring Security Awareness
- Workplace Violence
- Advertising the Failure to Act
- Measuring Compliance Risk
- When Does an Avoidable Risk Become Inevitable?
- Tracking Nuisance and False Alarms
- Meters and Dials—Tracking and Monitoring Key Risk Indicators
- Creating a Business Unit Scorecard
- Tracking Risk in Outsourcing
- Business Integrity and Reputational Risk
- Risk Personified—The Knowledgeable Insider
- Transitions—Moving the Lens from Risk to Performance Indicators
Chapter 3. Measuring Security Program Performance
- Introduction
- Key Performance Indicators
- Communicating Program Performance with Dashboards
- Physical Security Is Measurable
- Alerting Management to High Probability Risk
- Measuring and Managing Your Regional Security Team
- Measuring and Managing Your Guard Force Performance and Cost
- Measuring Vendor-Based Alarm Response
- Tracking Protective Services Key Performance Indicators
- Security Operations Control Center Metrics
- Secure Area Reliability
- The Critical Measure of Time to Respond
- Measuring for Operational Excellence in Security Services
- Measure Risk Exposure with Security Inspections
- Measuring and Managing Cost
- Cycle Time: An Expected Measure of Performance
- Information Security
- Metrics are Bidirectional: Failure as a Performance Indicator
- Measuring Progress of Annual Plans and Objectives
- Is Compliance a Key Risk Indicator or a Key Performance Indicator?
- Security Contract Compliance Auditing
- Measuring for Integrity: Background Investigations
- Measuring Executive Protection Programs
- Business Unit Criticality, Resilience, and Continuity Planning
- Measuring Security Awareness Programs
- The Absence of Awareness is a Key Contributor to Risk
- Ability to Influence the Business is a Key Performance Indicator
- Security’s Value Proposition: Value Is a Key Performance Indicator
- Use Metrics to Demonstrate Security’s Alignment with Business Objectives
- A Few Metrics You Should Really Consider
- Some Closing Thoughts
- No. of pages: 226
- Language: English
- Edition: 1
- Published: March 28, 2015
- Imprint: Elsevier
- Paperback ISBN: 9780128028414
- eBook ISBN: 9780128028438
GC
George Campbell
Prior to working at Fidelity Investments, Campbell owned a security and consulting firm, which specialized in risk assessment and security program management. He has also been group vice president at a system engineering firm that supported government security programs at high-threat sites around the world. Early on in his career, Campbell worked in the criminal justice system, and served in various line and senior management positions within federal, state, and local government agencies.
Campbell received his bachelor’s degree in police administration from American University in Washington, D.C. He served on the board of directors of the International Security Management Association (ISMA), and as ISMA’s president in 2003. Campbell is also a long-time member of ASIS International. He is a former member of the National Council on Crime Prevention, the High Technology Crime Investigation Association, and the Association of Certified Fraud Examiners, and is an alumnus of the U.S. State Department’s Overseas Security Advisory Council.