In Depth

Metrics for Corporate and Physical Security Programs

CSOs count on physical security metrics to evaluate their organizations' performance and to communicate security's value to other business executives

By Tom Wailgum

Levine says Georgia Power collaborates on metrics reviews with other security managers from within Southern's 12 operating companies. (Besides Georgia Power, there are four electric utilities and companies in wholesale power, power generation management, natural gas, nuclear power and energy services. Southern also owns a wireless company and a fiber optics business.)

As for data quality, Levine says that it's important to watch out for the equivalent of scorekeeping changes. She says Georgia Power recently transitioned from a 10-year-old case management system to a new system developed last year by Southern's security managers. The case management system is a database that records all the details of incidents that are reported to corporate security. This includes an incident narrative and summary; victim, witness and reporting party names; losses; investigative activity; and case resolution.

Building the new system required a review of incident definitions so that a year-to-year comparison made sense, she says. For example, the old case management system had separate incident categories for burglary, larceny, fraud and robbery. But in the new case management system, all of those crimes are categorized as financial matters. "To make an apples-to-apples comparison between the old and the new, we have to select a specific subcategory (for example, larceny) in the new system," Levine says. "Otherwise, the analysislarceny versus financial matterswould show that we'd had a crime wave at Georgia Power." And that's the last thing that Levine and her executives want to hear.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Five Metrics That Matter
• A Few Good Information Security Metrics