A qualitative security measures and metrics program is founded on an established and clearly communicated set of internal controls focused on the integrity of the data that is gathered, the quality of the analysis and assessment applied to that data, and the assurance of data protection. Failing to embed these principles into your metrics program will eventually damage the credibility of the security program and its management.
George Campbell is emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments. His book, Measures and Metrics in Corporate Security, may be purchased through the SEC Web site. The SEC is a research and services organization. Its community includes forward-thinking practitioners, agencies, universities, NGOs, solution providers, media and industry groups. Backed by a Faculty of more than 100 current and former security executives, the Council creates Collective Knowledge™ research, which is used as a foundation for its deliverables. For more information about the Council, visit www.securityexecutivecouncil.com/?sourceCode=std. The information in this article is copyrighted by the SEC and reprinted with permission. All rights reserved.