The National Institute of Standards and Technology defines metrics as tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. Thus, security metrics assist security professionals in making asset protection decisions through the measurement of performance based characteristics of security components. Simply stated, security metrics are tools used for measuring a company’s security posture. They communicate vital information about security activities and drive decision making.
Metrics can be used to justify budgets and provide the basis for obtaining additional monies for the security department. Security metrics may be plugged into cost-benefit analyses to identify the need for various security components. For security decision-making, metrics can unveil trends and patterns in the security program’s performance from which security decision makers can make decisions to modify the program. For example, once a physical protection system is alerted of an intruder, security force personnel normally respond. By measuring time needed to respond from the security officer’s fixed post to the breached access point, the security decision maker can determine if the response time is adequate or if another post needs to be established closer to the access point. Finally, metrics assist in the development of good security practices. An example of this may be found in the use of security personnel to provide escorts for company personnel exiting the building to the parking areas. While this is a common practice in some companies, an analysis of security incidents during peak times may indicate a sharp increase in security breaches because security personnel are distracted from their primary protection duties while escorting personnel. In this instance, the value of providing escorts must also be considered in determining the company’s security practices.
For more information, please contact us