Brian McIlravey
Brian McIlravey
Download PDF version Contact company
Security analytics are a vital resource to help an organisation minimise the risk, damage to reputation, theft, and business discontinuity that stems from breaches
Quantifying information provides insights for business to improve performance management

The ability to measure and analyze the effectiveness of security operations is extremely useful – not only for identifying and addressing an organization’s vulnerabilities, but also for demonstrating security’s mitigating impact on overall risk levels along with the higher-level value security delivers to a business. Brian McIlravey, Co-CEO at PPM, explains how security metrics can provide a powerful toolset for accomplishing these objectives.

By quantifying information about conditions within and around facilities, along with situations and incidents which occur and the actions taken to reduce and manage risks, metrics provide insights which give the organization a better understanding of risks and losses, helping them to identify trends and manage performance based on real and meaningful indices. Detailed and concise reporting gives security managers the means to present their findings clearly and accurately to executive management, often an essential step towards building a case for the additional budget allocations needed to improve the safety of a facility. Ultimately, security analytics are a vital resource to help an organization minimize the risk, damage to reputation, theft, and business discontinuity that stems from breaches.

Among the many different kinds of measurements they offer, security metrics can help calculate how much of the budget should be allocated towards security, which aspects should be top priorities, the most effective system configuration, return on investment (ROI), how to measure those improvements, whether exposure and risk have been reduced, and by how much. By gathering data associated with a number of factors, metrics can identify indicators that may suggest problems with a security program – identifying the root causes of incidents, rather than the symptoms – in an effort to prevent incidents before they occur or issues before they arise.

Security metrics provide valuable insight into an organisation’s current security program and policies
Security analytics help an organization minimize risk, damage to reputation, theft, and business discontinuity

Security metrics - benefits 

For example, security metrics may show that there has been a rise in the frequency or severity of accidents, crimes or policy infractions, increased downtime of critical equipment, changes in security response times and much more. While this information is extremely helpful for security professionals to have, it is the associated analysis, a crucial component of metrics, which helps determine why these things are happening. This increased understanding of what is causing particular issues is the main goal of security metrics, as it enables security staff to implement new policies and programs to address those underlying issues.

Metrics can also be used to demonstrate the security program’s accomplishments, complete with figures that can be presented to management to gain support and resources for the program or to encourage recognition for security staff performance.

Choosing what to measure and analyze requires careful consideration; how can an organization be sure to identify the right security metrics from the hundreds of potentials? What are the best tools and strategies for data collection, measurement and analysis? It’s important to note that because relevant metrics vary widely and are specific to an organization and its vulnerabilities, there is no standard answer to this question. Therefore, when designing a program, the goal must be to identify those factors that directly apply to and will affect a specific organization’s risk, ROI, costs, legal, policy and safety issues. Among the top metrics that could be considered would be cost of downtime; incident response times; number of nuisance alarms; number of safety or security hazards identified and eliminated; security cost and/or losses per square foot; and security cost per employee and/or as a percentage of total revenue.

When designing a program,
the goal must be to identify
those factors that directly
apply to and will affect a
specific organization’s risk

Getting relevant security metrics - key questions

While the answers will be different from organization to organization, there are proven processes that aid with identifying what needs to be measured. These three questions should form the basis for developing the most relevant metrics:

  • What are the business goals, needs, values and policies?
  • Who is the audience and what are their objectives?
  • What types of data will be required for metrics and analysis?

Based on how these are answered, the next step is to develop those metrics that will measure and demonstrate security’s contribution to risk management, as well as overall organizational strategies and objectives. It is crucial to treat all collected data very carefully to ensure its integrity and preserve and protect its confidentiality.

The process of analyzing security data can be made more convenient and more productive with analytical software and other tools, which allow a security manager or director to easily and constantly analyze the data on security activities, losses and investigations, and to view graphs and charts that are generated automatically. The faster information is available, the faster measures can be taken to address risks and minimize incidents.

With the right data and analysis, security metrics provide valuable insight into an organization’s current security program and policies, and enable changes to be made to address any shortcomings. These changes can then be analyzed to determine whether they’ve been effective in accomplishing particular goals. By demonstrating security’s value to an organization as a whole, metrics will have a major impact on decisions regarding security and business operations, ultimately leading to greater security and safety for people and property.

Download PDF version Download PDF version

Author profile

Brian McIlravey
Brian McIlravey Executive Vice President, PPM 2000 Inc.

Brian established the company’s Consulting & Training division and was one of the key influencers behind the design of Perspective - PPM’s next-generation incident management software - when it was introduced in 2005. With extensive experience in the incident management and Investigation industry — including both public police and private sector — Brian is a leading authority, educator and speaker on security information management and the technology that drives it.

Related videos

Join The Biggest Hour For Earth

Join The Biggest Hour For Earth
Unveiling Wavestore 6.36: Elevate The Security Experience

Unveiling Wavestore 6.36: Elevate The Security Experience
Hikvision Introduces CGSA-Access Control And Functions

Hikvision Introduces CGSA-Access Control And Functions

In case you missed it

Comprehensive K12 Security
Comprehensive K12 Security

For K12 education pioneers, embarking on a journey to upgrade security controls can present a myriad of questions about finding the best-fit solutions and overcoming funding hurdle...

Choosing The Right Fingerprint Capture Technology
Choosing The Right Fingerprint Capture Technology

Choosing the appropriate fingerprint technology for a given application is dependent on factors including the required level of security and matching accuracy, the desired capabili...

How Do New Security Technologies Transform Retail And Loss Prevention?
How Do New Security Technologies Transform Retail And Loss Prevention?

When it comes to preventing theft and ensuring overall safety, technology offers a robust toolkit for retail stores to enhance security in several ways. From intelligent surveillan...

Security beat

Energetic ISC West Reflects Industry On The Cusp Of Accelerated Change

Energetic ISC West Reflects Industry On The Cusp Of Accelerated Change
View all

Round table discussions

How Can The Security Industry Contribute To Protecting The Environment?

How Can The Security Industry Contribute To Protecting The Environment?
View all

Security bytes

Getting To Know Chris Bone, CTO At ASSA ABLOY Group

Getting To Know Chris Bone, CTO At ASSA ABLOY Group
View all
Featured white papers
Multi-Residential Access Management And Security

Multi-Residential Access Management And Security

Download
Guide For HAAS: New Choice Of SMB Security System

Guide For HAAS: New Choice Of SMB Security System

Download
Precision And Intelligence: LiDAR's Role In Modern Security Ecosystems

Precision And Intelligence: LiDAR's Role In Modern Security Ecosystems

Download
Hikvision: Solar Powered Product Introduction + HCP

Hikvision: Solar Powered Product Introduction + HCP

Download
Gunshot Detection

Gunshot Detection

Download
More expert commentary
Optimizing Hospital Security With Physical Access And Identity Management Software

Optimizing Hospital Security With Physical Access And Identity Management Software
Key Control And Management For Emergency Situations At Educational Facilities

Key Control And Management For Emergency Situations At Educational Facilities
The Impact Of The New HDcctv AT 2.0 Standard

The Impact Of The New HDcctv AT 2.0 Standard
Featured products
Verkada TD52 Cloud-Based Video Intercom

Verkada TD52 Cloud-Based Video Intercom
exacqVision IP08-64T-R1XW-E X-Series 1U Rdnt IP NVR 64TB RAID5 Windows OS with 8 IP Ent Lic

exacqVision IP08-64T-R1XW-E X-Series 1U Rdnt IP NVR 64TB RAID5 Windows OS with 8 IP Ent Lic
Climax Technology TouchPanel-3 7” Color Graphic Touchscreen Panel

Climax Technology TouchPanel-3 7” Color Graphic Touchscreen Panel