Brian McIlravey
Brian McIlravey
Download PDF version Contact company
Security analytics are a vital resource to help an organisation minimise the risk, damage to reputation, theft, and business discontinuity that stems from breaches
The ability to measure and analyse the effectiveness of security operations is extremely useful – not only for identifying and addressing an organisation’s vulnerabilities, but also for demonstrating security’s mitigating impact on overall risk levels along with the higher-level value security delivers to a business. Brian McIlravey, Co-CEO at PPM, explains how security metrics can provide a powerful toolset for accomplishing these objectives.

By quantifying information about conditions within and around facilities, along with situations and incidents which occur and the actions taken to reduce and manage risks, metrics provide insights which give the organisation a better understanding of risks and losses, helping them to identify trends and manage performance based on real and meaningful indices. Detailed and concise reporting gives security managers the means to present their findings clearly and accurately to executive management, often an essential step towards building a case for the additional budget allocations needed to improve the safety of a facility. Ultimately, security analytics are a vital resource to help an organisation minimise the risk, damage to reputation, theft, and business discontinuity that stems from breaches.

Among the many different kinds of measurements they offer, security metrics can help calculate how much of the budget should be allocated towards security, which aspects should be top priorities, the most effective system configuration, return on investment (ROI), how to measure those improvements, whether exposure and risk have been reduced, and by how much. By gathering data associated with a number of factors, metrics can identify indicators that may suggest problems with a security program – identifying the root causes of incidents, rather than the symptoms – in an effort to prevent incidents before they occur or issues before they arise.

Security metrics provide valuable insight into an organisation’s current security program and policies
 Security analytics help an organisation minimise risk, damage to reputation, theft, and business discontinuity

Security metrics - benefits 

For example, security metrics may show that there has been a rise in the frequency or severity of accidents, crimes or policy infractions, increased downtime of critical equipment, changes in security response times and much more. While this information is extremely helpful for security professionals to have, it is the associated analysis, a crucial component of metrics, which helps determine why these things are happening. This increased understanding of what is causing particular issues is the main goal of security metrics, as it enables security staff to implement new policies and programs to address those underlying issues.

Metrics can also be used to demonstrate the security program’s accomplishments, complete with figures that can be presented to management to gain support and resources for the program or to encourage recognition for security staff performance.

Choosing what to measure and analyse requires careful consideration; how can an organisation be sure to identify the right security metrics from the hundreds of potentials? What are the best tools and strategies for data collection, measurement and analysis? It’s important to note that because relevant metrics vary widely and are specific to an organisation and its vulnerabilities, there is no standard answer to this question. Therefore, when designing a program, the goal must be to identify those factors that directly apply to and will affect a specific organisation’s risk, ROI, costs, legal, policy and safety issues. Among the top metrics that could be considered would be cost of downtime; incident response times; number of nuisance alarms; number of safety or security hazards identified and eliminated; security cost and/or losses per square foot; and security cost per employee and/or as a percentage of total revenue.

When designing a program,
the goal must be to identify
those factors that directly
apply to and will affect a
specific organisation’s risk

Getting relevant security metrics - key questions

While the answers will be different from organisation to organisation, there are proven processes that aid with identifying what needs to be measured. These three questions should form the basis for developing the most relevant metrics:

  • What are the business goals, needs, values and policies?
  • Who is the audience and what are their objectives?
  • What types of data will be required for metrics and analysis?

Based on how these are answered, the next step is to develop those metrics that will measure and demonstrate security’s contribution to risk management, as well as overall organisational strategies and objectives. It is crucial to treat all collected data very carefully to ensure its integrity and preserve and protect its confidentiality.

The process of analysing security data can be made more convenient and more productive with analytical software and other tools, which allow a security manager or director to easily and constantly analyse the data on security activities, losses and investigations, and to view graphs and charts that are generated automatically. The faster information is available, the faster measures can be taken to address risks and minimise incidents.

With the right data and analysis, security metrics provide valuable insight into an organisation’s current security program and policies, and enable changes to be made to address any shortcomings. These changes can then be analysed to determine whether they’ve been effective in accomplishing particular goals. By demonstrating security’s value to an organisation as a whole, metrics will have a major impact on decisions regarding security and business operations, ultimately leading to greater security and safety for people and property.

Download PDF version Download PDF version

Author profile

Brian McIlravey
Brian McIlravey Executive Vice President, PPM 2000 Inc.

Brian established the company’s Consulting & Training division and was one of the key influencers behind the design of Perspective - PPM’s next-generation incident management software - when it was introduced in 2005. With extensive experience in the incident management and Investigation industry — including both public police and private sector — Brian is a leading authority, educator and speaker on security information management and the technology that drives it.

Related videos

Upgraded feature for Xesar - Now with smartphone as well!

Upgraded feature for Xesar - Now with smartphone as well!
Enhancing government security with proactive threat detection from Wavestore

Enhancing government security with proactive threat detection from Wavestore
Join the biggest hour for Earth

Join the biggest hour for Earth

In case you missed it

What are the new security applications in colleges and universities?
What are the new security applications in colleges and universities?

College campuses are meant to be places of learning, growth, and community. Fostering such an environment requires the deployment of policies and technologies that ensure safety an...

Real-time security analytics by Winston-Salem Police Department with Verkada
Real-time security analytics by Winston-Salem Police Department with Verkada

The Winston-Salem Police Department (WSPD), internationally accredited by the Commission on Accreditation for Law Enforcement Agencies (CALEA), is dedicated to proactive, data-driv...

Oil sector cybersecurity - overcoming challenges with Honeywell's csHAZOP
Oil sector cybersecurity - overcoming challenges with Honeywell's csHAZOP

A major European oil and gas company that acquires, explores, produces and supplies chemical and petroleum products had a cybersecurity challenge. Company leadership wanted a b...

Security beat

SHIELD certification: enhancing security and stakeholder collaboration

SHIELD certification: enhancing security and stakeholder collaboration
View all

Round table discussions

What is the most overlooked factor when installing physical security?

What is the most overlooked factor when installing physical security?
View all

Security bytes

Getting to know Chris Bone, CTO at ASSA ABLOY Group

Getting to know Chris Bone, CTO at ASSA ABLOY Group
View all
Featured white papers
Security practices for hotels

Security practices for hotels

Download
Access control system planning phase 2

Access control system planning phase 2

Download
Honeywell GARD USB threat report 2024

Honeywell GARD USB threat report 2024

Download
SIA Identity and Biometrics Symposium

SIA Identity and Biometrics Symposium

Download
Facial recognition

Facial recognition

Download
Quick poll
Which feature is most important in a video surveillance system?
More expert commentary
Significance of data protection in physical security systems

Significance of data protection in physical security systems
Optimising hospital security with physical access and identity management software

Optimising hospital security with physical access and identity management software
Key control and management for emergency situations at educational facilities

Key control and management for emergency situations at educational facilities
Featured products
HID Signo™ Biometric Reader 25B - Multi-technology, mobile ready, fingerprint reader

HID Signo™ Biometric Reader 25B - Multi-technology, mobile ready, fingerprint reader
Anviz 8MP AI-Powered Mini Dome Network Camera with 360° Clarity

Anviz 8MP AI-Powered Mini Dome Network Camera with 360° Clarity
Verkada Monitored Alarm System

Verkada Monitored Alarm System