Security program performance metrics are an under-utilized tool in many organizational security programs. It has been said that “you can’t manage what you don’t measure”. Implementing a good security program can be like following Maslow’s four stages of learning. You may be starting at the “You don’t know what you don’t know” stage. This is a common condition for organizational leaders who have not conducted a security risk assessment. Developing and implementing a security program performance metrics initiative will mature a program through the stages of learning and better protect people, assets and information.
Are you currently doing anything to formally measure the results of your security program? An incident free environment does not necessarily equate to excellence in security; so, you need to be doing something more. BPS strongly encourages our clients to adopt meaningful security program performance metrics. This is more than just counting activities; this is using metrics to measure business value added and incident prevention potential.
The process we would typically follow in helping a client in setting up security program performance metrics include:
- Assessing the maturity of the client’s security program. There is no sense in setting up sophisticated performance metrics if a security program is developing from its infancy
- Ensuring there is a clear alignment between client and consultant on the threats and risks faced by an organization.
- With those two foundational elements established, we can now:
- Determine what physical security metrics to measure.
- Identify data collection methods.
- Help teach the client how collect and analyze the data.
- Establish current and leading indicators to move you from a reactive posture to a proactive posture which will better help to prevent security incidents.
- Develop a visual dashboard for periodic presentations to management and a frequency for reporting.
Whether you are security manager trying to take your program to the next level or a company executive who wants a level of assurance that your security program is effective, contact BPS today and we can quickly stand up a security program performance metrics program for you.