By The Sage Group

The Professional Services Group (PSG) of Aronson Security Group asked us to comment on four questions related to metrics. Since creating, measuring and accelerating value is our focus, we were happy to oblige. Here are the four questions:

  1.  How do you determine what to formally measure?
  2.  How do you collect, understand and report on those metrics?
  3.  What value does security get from investing in metrics?
  4.  What value does the organization get from investing in metrics?

By Scott Schmidt, VP of Engineering & Professional Services

I took the challenge from our Professional Services Group to answer the probing questions around an approach that might help security professionals choose the right solution, or, a set of tools used for a measurable process by people with definitive roles and responsibilities.

The following are the questions and my answers:

By ASG's Professional Services Group, ASG

Your organization runs by the processes that are developed by security executives/managers like you. Some of them are cultural (this is the way we always do things) and some of them may be documented in writing and stored. Hopefully they are stored somewhere easily accessible by the people who are involved with those processes such as a SharePoint site or a pre-defined location in your corporate database.

Your standard operating procedures (SOP) are dictated by these processes. Without SOP guidelines anchored by core processes and metrics, you are hoping for results, not proactively managing to them. 

By ASG's Professional Services Group

I discovered something ironic on a recent client trip overseas.   I found out that it doesn’t matter where you are in the world, the story for customers doesn’t change.  While with a client in the Middle East, I met with some of the higher ranking people within the organization. They explained to me that they were in dire need of someone who could help them with their strategy and not just sell them cameras. Through our discussions we were able to sit in on an integrator briefing around a project and I noticed the same questions I have heard many times in many meetings just like this one:

As a security manager, you have procedures, processes, regulations and industry specific standards to help you keep things running smoothly. But how can you ensure that your security department is working? Is there a way to create a real time performance–based compliance dashboard for Security that would give you the advantage of saving time, money and upgrading the quality of your security department’s intelligence? Yes there is.  

ASG defines Security Process Optimization as a way to manage the roles, relationships, processes and systems that are unique to directing and controlling outcomes within security in order to achieve the organization’s goals, cut costs, drive performance and increase the organization’s value.  

ASG follows three important steps when conducting SPO:

Security Systems and Process Assessment
•    Technology Assessment to identify the current technology and system architecture
•    Process Assessment to identify security’s core processes and the people who manage, support and benefit from it
•    Executive Assessment to define the strategic importance of security to the organization through its risk and opportunity assessment

Process Improvement
•    Once ASG knows what your current situation looks like the next phase is to determine and measure immediate performance improvements as well as improve security’s value over time

Security Planning
•    Create an architecture to guide the design, acquisition and deployment of technology
•    Identify the processes, roles and tools needed for continuous improvement
•    Determine the key performance metrics that will guide the budget, resources and technology
•    Plan the roadmap for the future to provide optimum performance

Let’s face it, nothing lasts forever and eventually that super-state-of-the-art security system that you implemented will fail. Your access control system might stop working and lock your employees out of the building. Or maybe your intrusion detection system develops a bug and starts spamming the monitoring company or police with false alarms. Or maybe the camera system that your guards use to remotely patrol your facilities stops broadcasting. No matter how good the system is when you installed it, eventually it’s going to develop a problem. So how do you prepare for this inevitable critical systems failure to minimize the impact it will have on your organization? We will start with the first three of 5 simple tips that you can put into place now to help minimize the damage when the worst happens.  Check back on Thursday to see the last two.

By Michael Rosa

If you manage a large fleet of vehicles you know what a pain it can be to coordinate and provide maintenance for those vehicles. Heck, even if you just own your own car it can sometimes be overwhelming. Oil change every three months. 40,000 mile service. Wait, or is that 60,000 miles? And what about the seals and gaskets, when do those need to be replaced? But despite the work and the cost you do it anyway. Why? Because you know that the last thing you want is to be stranded along side the road with the hood of your car propped open and smoke pouring out.