Measures and Metrics in Corporate Security

Has helped me tremendously as a new Supervisor in the Federal Government. I was able to develop a metric system that is both cost effective and efficient.

Two of the most famous quotes from Lord Kelvin are “to measure is to know” and “if you can not measure it, you can not improve it”. With that, in Measures and Metrics in Corporate Security, author George Campbell provides a quick and high-level introduction to the topic of metrics and measurement.Security metrics are a key initiative for many CISO’s. But what they often struggle with is how to find the right information security metrics, and how do they use them for functionally operational measurements that can be used to support the business.The first part of the book contains the following 3 chapters which encompass the first 70 pages:Chapter 1: The BasicsChapter 2: Types of Metrics and Performance Indicators Appropriate to the Security MissionChapter 3: Building a Model Appropriate to Your NeedsThe next 70 pages contain the following appendixes:Appendix 1: Examples of Security-Related Measures and MetricsAppendix 2: Trade Associations and Other Organizations with Security Voluntary Compliance ProgramsAppendix 3: Sample High-Level Security Work Breakdown StructureAppendix 4: Physical Security Cost Estimating TablesAppendix 5: Risk Measure MapsThe book does not have a companion web site. And it would have been quite beneficial if the templates detailed in the appendixes were available in soft copy.The book notes that security metrics can be easy to create. But really good security metrics, those that can add value to the organization can be difficult to develop. For those that are looking to create good security metrics, Measures and Metrics in Corporate Security is a good starting point.