The use of metrics to manage enterprise security risks: Understanding, evaluation and persuasion
Abstract
Metrics drive business decisions and behaviour. Properly developed using psychometric principles, metrics provide a solid rationale for senior management to make prudent decisions about organisational growth as well as facilitating the assessment of internal policies and programmes. Until recently, there has been little research on the development of effective performance metrics, especially in the security field. The American Society for Industrial Security International (ASIS International) provided funding for an extensive study into the development of metrics for the security profession. The study included an online survey, telephone interviews, and a review of the literature and best practices of past research on metrics. Based on the data collected, a security metrics evaluation tool was developed, incorporating core psychometric principles and reflecting both operational and strategic corporate requirements. Finally, guidelines were developed for presentation to senior executives.
The full article is available to subscribers to the journal.
Author's Biography
Peter E. Ohlhausen is a researcher and consultant in security, criminal justice and technology. As President of Ohlhausen Research, Inc., he performs security and crime-related projects for corporate clients and such organisations as American Society for Industrial Security International (ASIS International), John Jay College of Criminal Justice, US Department of Justice, US Department of Homeland Security and the International Association of Chiefs of Police. He was formerly editor of Security Management, the monthly magazine on corporate security. He was a speaker at the ASIS Annual Seminar & Exhibits from 2013 to 2017. Mr Ohlhausen graduated from the University of Virginia and has also pursued studies at Cambridge University and Harvard University.
Daniel Mcgarvey is the Senior Principal Business Process Analyst for Alion Science and Technology. His responsibilities include providing executive consulting in strategic planning for programmes supporting government and industry. He is the Senior Instructor for the National Security Training Institute, and the lead for analytical development in the Insider Threat Working Groups for both ASIS International and the Intelligence and National Security Alliance. He is a retired member of the Defense Intelligence Senior Executive Service, as the Director, Information Protection, Office of the Administrative Assistant to the Secretary of the Air Force, Headquarters US Air Force. He was the subject matter expert for the ASIS Foundation Metrics Research Project.
Citation
Ohlhausen, Peter E. and Mcgarvey, Daniel (2018, September 1). The use of metrics to manage enterprise security risks: Understanding, evaluation and persuasion. In the Journal of Business Continuity & Emergency Planning, Volume 12, Issue 1. https://doi.org/10.69554/RIRE8376.
Publications LLP