1. A framework of security policies explicitly endorsed by top management to provide the legal framework for positive influence.
2. A core management philosophy that holds line managers accountable for protecting the firm and establishes the security executive as the content expert prepared to empower those managers with the information they need to be effective custodians.
3. A clearly established role in the firm's risk management program enables the security executive to better understand the adequacy of business process controls and to influence the governance infrastructure on lessons learned.
4. A qualitative analysis and reporting program provides the metrics dashboard, connects the dots and draws actionable conclusions.
5. A comprehensive communication and awareness program provides the script for influence and employee empowerment.
It is generally accepted that the truly effective executive is the one who has mastered the ability to influence up and down in their organization. Influence as a core competency is the heart of the measurably effective CSO. Metrics are a tool used to facilitate influence, to demonstrate, argue, support and convince.
George Campbell is emeritus faculty of the Security Executive Council and former CSO of Fidelity Investments. His book, Measures and Metrics in Corporate Security, may be purchased through the Security Executive Council Web site, https://www.csoexecutivecouncil.com/?sourceCode=std . This article is copyrighted by the Security Executive Council and reprinted with permission. All rights reserved.