Performance-Based Security Planning

Submitted By ronworman
The New Performance-Based Security Program

Authored by The Sage Group

The Professional Services Group (PSG) of Aronson Security Group asked us to comment on four questions related to metrics. Since creating, measuring and accelerating value is our focus, we were happy to oblige. Here were the four questions:

* How do you determine what to formally measure?
* How do you collect, understand and report on those metrics?
* What value does security get from investing in metrics?
* What value does the organization get from investing in metrics?
What is Performance-Based security?
Measuring security performance means assessing business and security results to: (1) determine how effective the strategies and operations are and (2) make changes to address shortfalls and other problems.
There are different methods and criteria for measuring performance. However, the common strand through each is the ability to measure the results generated by core business processes, using specific metrics. For each process, there are many possible metrics.
Why should Security Organizations Measure?
* Improvement: Understand your strengths and your weaknesses. Show continuous improvement over time.
* Planning and forecasting: Performance metrics create a progress trend line, allowing organizations not only to be clear on their current performance position but also to forecast their future condition based on the data.
* Technology Lifecycle Management: Up-time metrics are non-existent for the hardware and software that security uses. But this ‘viability index’ can measure service costs, availability costs, levels of risk incurred with downtime, and the lifecycle of the total solution.
* Security as ‘friction’ or ‘lubricant’ to company value: When Security interacts with core business processes, is it an obstacle to company performance or a critical value driver? These intersections are more common than you think. Find them, measure them, and reap the rewards.
* Competition: When organizations benchmark their performance against their competition, or even against similar companies in a different market space, they can identify practices that can improve their performance over time.
* Reward: By knowing which organization, department and individual employees have performed in achieving their outcomes, leaders can align budget and compensation accordingly.
* Regulatory and standards compliance: A baseline metric and a benchmark assist in forecasting compliance capacity and performance.
How do you start?
Performance Management begins with defining your objectives, the Critical Success Factors (CSFs), and the metrics by which you will measure performance.
Security, as an organization, may have inherited a company system by which this is expressed. If so, the data you eventually collect will be expressed in that form.
Regardless, you must understand the objectives of your leadership team and how performance is best expressed, then arrive at your own objectives that align with theirs.
For each objective you arrive at, you must determine the actions that will lead to a successful outcome. These are your CSFs. Then you add a performance metric that defines the success of a CSF and a target for individual and organizational achievement.
The following represents a simplification and example of that effort:

| Objective | Critical Success Factors | Performance Metric and Targets |
| --- | --- | --- |
| Reduce Cost in our processes | Assess Processes for Velocity, Quality, and Outcomes looking to reduce steps, time, and cost; Review Technology (Tools) deployed; Review and assess supply chain for outside services and products | Improve Time to Value/Action by 10%; Increase Quality of Service by 25%; Reduce cost of bidding process and vendor management by 50% |
| Improve Knowledge Sharing | Identify key processes and reports; Identify critical ‘consumers’ of each; Identify portal technology that leverages authors, reviewers and consumers | 100% Awareness of and ability to access documents, reports and data by critical consumers; 100% Compliance with key processes improves by 50% |

Acquiring the baseline data for performance measurement is critical. In some cases the data exists but it is difficult to access because it resides in another department, in a database that does not have a clear or straightforward means to report on it, or it is with an external party. However, without data, future measurement cannot take place. A good security process consultant will walk a process through its steps measuring the velocity and documenting the behavior of the people and their tools.
Sometimes you need to measure subjective and objective data. For example, how would you measure ‘Customer Satisfaction’? You might use an objective survey form to acquire subjective data.
You must also consider the reliability of the data you are collecting. Consider future measurements you will be taking over time and ensure you are getting reliable, accessible, and accurate data.
Finally, each metric has a target. The target is a science and an art. Targets must be achievable but also inspire exceptional performance. In a period of initial change, consider setting targets that are readily achievable to help your people adjust to the new conditions. Over time, begin creating competitive benchmarks from industry data that allow you to claim a clear leadership position.
Security as a process, through its people and through the technology it uses, generates data. Determining how to translate data into information and then elevate it to security business intelligence will be critical to managing cost-effective security programs that allow for transformative innovation. Product manufacturers need to make it easier to exploit the data that is generated by their technology devices and software. Integrators need to know the business better to be able to assist in workflow and technology use patterns. And security professionals must become performance driven for the sake of their profession, the companies they represent and their strategic place at the table in the C-Suite.
