Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Return on Security Investment: A Mission Impossible?

Optimit Risk Consulting, Engineering, Training & Management

Inge Vandijck

on 25 February 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Return on Security Investment: A Mission Impossible?

I am an economist in security.
The criminologist in me wants to understand
security risks in order to fight them effectively
The economist in me is after Return On
Security Investment in order to fight these
risks efficiently

Inge Vandijck
Managing Security Risk Consultant Optimit
CT 31000
Return on

Security to Protect

Security to Create

The Security Metric
The Security Business

Security as Necessary

The Security Challenge
The greatest challenge for
security managers is to
demonstrate the value
added by security.
In many organizations
security investments are
not (sufficiently) explained
nor justified.
Security costs are seen as necessary evil...
A Mission

Why necessary evil?
Legal obligations
An incident
An immediate threat
Necessary evil investments can
not be effective, nor efficient,
nor can bring Return On
Security Investment.
Return On Security
Investment at least needs
to protect value.
Mature organizations understand
the link between security and
the protection of value
which is already created
within the organization.
The Return on Security
Investment is regarded in terms
of negative consequences that
are avoided or limited.
Can security management
also effectively create
new value?
Risk is linked with objectives,
objectives are linked with risks.
A ship is safe in harbor, but
that is not what ships are
built for...

William Shedd
An incident with negative consequences
may ultimately have
a positive impact.
E.g. the negative consequences
of 9/11 can still be felt today;
however there also positive
consequences: ‘Securitization’
in the fight against terrorism.
After 9/11, security laws, regulations
and policies are implemented including a wider and integrated application:
International Ship and Port Facility Security Code (ISPS)
Customs Trade Partnership Against
Terrorism (CTPAT)
Authorized Economic Operator (AEO)
European Program Critical
Infrastructure Protection (EPCIP)
Security intrinsically can have a positive impact.
Secure private organizations attract business.

Secure countries, regions, cities … attract investors, citizens wanting to live/work there, public transportation services attract customers…

Compliance with e.g. ISPS, CTPAT, AEO... creates commercial and financial benefits.
2' elevator approach:
So what?

A chief of police wants to convince the city's mayor to approve an investment in cameras and Automatic Number Plate Recognition (ANPR).
He could argue:

We need cameras and it will cost us 2 Mio €, or;
Every city is installing cameras, we cannot stay behind.

A recipe for refusal...
A recipe for approval is to link and justify the investment with the objectives of the city and the police force:
Crime prevention (deterrence)
Effective response (support by images/info)
Efficient response (the ANPR intercepts black listed vehicles more efficiently that random controls)
'Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted'.

Albert Einstein
If you can’t measure it, you can’t manage it.

Peter Drucker
Anything can be measured.

Douglas Hubbard
The myth that the value added by security can’t be measured is a significant drain on public and private security.
ANPR case:
Prevention: crime statistics...
Effective response: statistics on vehicles intercepted (black list: stolen, not insured, no technical control…)
Efficient response: number of intercepted vehicles/police officer...
a Mission Impossible.

Efficiency is doing things right, effectiveness is doing the right things.

Peter F. Drucker
Full transcript