Measuring and Communicating Security's Value
A Compendium of Metrics for Enterprise Protection
- 1 Edición - 28 de marzo de 2015
- Última edición
- Autor: George Campbell
- Idioma: Inglés
In corporate security today, while the topic of information technology (IT) security metrics has been extensively covered, there are too few knowledgeable contributions to the si… Leer más
Descripción
Descripción
In corporate security today, while the topic of information technology (IT) security metrics has been extensively covered, there are too few knowledgeable contributions to the significantly larger field of global enterprise protection. Measuring and Communicating Security’s Value addresses this dearth of information by offering a collection of lessons learned and proven approaches to enterprise security management.
Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book can be used in conjunction with Measures and Metrics in Corporate Security, the foundational text for security metrics. This book builds on that foundation and covers the why, what, and how of a security metrics program, risk reporting, insider risk, building influence, business alignment, and much more.
Puntos claves
Puntos claves
- Emphasizes the importance of measuring and delivering actionable results
- Includes real world, practical examples that may be considered, applied, and tested across the full scope of the enterprise security mission
- Organized to build on a principal theme of having metrics that demonstrate the security department’s value to the corporation
De interès para
De interès para
Índice
Índice
Chapter 1. Metrics Management—It is Not About the Numbers
- Introduction
- Metrics Program Assessment
- Building Your Program
- Great Data, Great Opportunity but Bad Presentation!
- What is the State of the Art in Corporate Security Metrics?
- Benchmarking Your Metrics with Peers
- Finding Value in Security Benchmarking
- Benchmarking Security Metrics Programs
- Summary
Chapter 2. Quantifying & Communicating on Enterprise Risk
- Introduction
- Managing Enterprise-Wide Board Risk
- Operating the Radar and the Relevance of “What If”
- Identifying Exploitable Security Defects in Business Processes
- Focus Your Metrics on Avoidable Risk
- Measuring the Impact of Background Investigations
- Tracking Preventable Risk
- Identify and Advertise the Causes of Loss
- Measuring Security Awareness
- Workplace Violence
- Advertising the Failure to Act
- Measuring Compliance Risk
- When Does an Avoidable Risk Become Inevitable?
- Tracking Nuisance and False Alarms
- Meters and Dials—Tracking and Monitoring Key Risk Indicators
- Creating a Business Unit Scorecard
- Tracking Risk in Outsourcing
- Business Integrity and Reputational Risk
- Risk Personified—The Knowledgeable Insider
- Transitions—Moving the Lens from Risk to Performance Indicators
Chapter 3. Measuring Security Program Performance
- Introduction
- Key Performance Indicators
- Communicating Program Performance with Dashboards
- Physical Security Is Measurable
- Alerting Management to High Probability Risk
- Measuring and Managing Your Regional Security Team
- Measuring and Managing Your Guard Force Performance and Cost
- Measuring Vendor-Based Alarm Response
- Tracking Protective Services Key Performance Indicators
- Security Operations Control Center Metrics
- Secure Area Reliability
- The Critical Measure of Time to Respond
- Measuring for Operational Excellence in Security Services
- Measure Risk Exposure with Security Inspections
- Measuring and Managing Cost
- Cycle Time: An Expected Measure of Performance
- Information Security
- Metrics are Bidirectional: Failure as a Performance Indicator
- Measuring Progress of Annual Plans and Objectives
- Is Compliance a Key Risk Indicator or a Key Performance Indicator?
- Security Contract Compliance Auditing
- Measuring for Integrity: Background Investigations
- Measuring Executive Protection Programs
- Business Unit Criticality, Resilience, and Continuity Planning
- Measuring Security Awareness Programs
- The Absence of Awareness is a Key Contributor to Risk
- Ability to Influence the Business is a Key Performance Indicator
- Security’s Value Proposition: Value Is a Key Performance Indicator
- Use Metrics to Demonstrate Security’s Alignment with Business Objectives
- A Few Metrics You Should Really Consider
- Some Closing Thoughts
Reseñas
Reseñas
"This book is advanced reading that should be coupled with other publications on senior security management objectives and strategies within corporations. I learned a great deal from this book and I think that other CSOs will as well."—Security Management
Detalles del producto
Detalles del producto
- Edición: 1
- Última edición
- Publicado: 1 de abril de 2015
- Idioma: Inglés
Sobre el autor
Sobre el autor
GC
George Campbell
Prior to working at Fidelity Investments, Campbell owned a security and consulting firm, which specialized in risk assessment and security program management. He has also been group vice president at a system engineering firm that supported government security programs at high-threat sites around the world. Early on in his career, Campbell worked in the criminal justice system, and served in various line and senior management positions within federal, state, and local government agencies.
Campbell received his bachelor’s degree in police administration from American University in Washington, D.C. He served on the board of directors of the International Security Management Association (ISMA), and as ISMA’s president in 2003. Campbell is also a long-time member of ASIS International. He is a former member of the National Council on Crime Prevention, the High Technology Crime Investigation Association, and the Association of Certified Fraud Examiners, and is an alumnus of the U.S. State Department’s Overseas Security Advisory Council.