Q: What is the fundamental benefit of any Incident Reporting and Investigation Management system?
A: The ability to reference and learn from past incidents, either alone or in compilation, in order to prevent future incidents. In other words… metrics and analysis.
It comes down to the security department’s ability to track, reference and analyze incidents in order to improve security and mitigate risk. Sometimes, it’s about referencing stats so that you can justify your budget for the necessary countermeasures. In other instances, it’s about referencing stats that showcase how well your security department is performing… one month over the next, one year over the next, compared to other organizations in the same geographical area or industry, etc.
Recognizing that we wanted to take a deep dive into the world of security metrics and how it has evolved in recent years, we contacted a former editor of Security Management, Peter Ohlhausen, to get his take on the subject (and to take advantage of his research skills), and we paired him up with our own resident expert, my Co-CEO, Brian McIlravey, CPP. We compiled their findings, then added some fresh insights and examples. The result is a new white paper entitled, Metrics and Analysis in Security Management.
I wanted to share with you an article I wrote back in September of 2009 that speaks to Peel’s Principle #9. This article focuses on the importance of using metrics to monitor the effectiveness of your security program and in turn, demonstrate your security department’s ROI.
