Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Return on Security Investment: A Mission Impossible?
Transcript of Return on Security Investment: A Mission Impossible?
The criminologist in me wants to understand
security risks in order to fight them effectively
The economist in me is after Return On
Security Investment in order to fight these
Managing Security Risk Consultant Optimit
Security to Protect
Security to Create
The Security Metric
The Security Business
Security as Necessary
The Security Challenge
The greatest challenge for
security managers is to
demonstrate the value
added by security.
In many organizations
security investments are
not (sufficiently) explained
Security costs are seen as necessary evil...
Why necessary evil?
An immediate threat
Necessary evil investments can
not be effective, nor efficient,
nor can bring Return On
Return On Security
Investment at least needs
to protect value.
Mature organizations understand
the link between security and
the protection of value
which is already created
within the organization.
The Return on Security
Investment is regarded in terms
of negative consequences that
are avoided or limited.
Can security management
also effectively create
Risk is linked with objectives,
objectives are linked with risks.
A ship is safe in harbor, but
that is not what ships are
An incident with negative consequences
may ultimately have
a positive impact.
E.g. the negative consequences
of 9/11 can still be felt today;
however there also positive
in the fight against terrorism.
After 9/11, security laws, regulations
and policies are implemented including a wider and integrated application:
International Ship and Port Facility Security Code (ISPS)
Customs Trade Partnership Against
Authorized Economic Operator (AEO)
European Program Critical
Infrastructure Protection (EPCIP)
Security intrinsically can have a positive impact.
Secure private organizations attract business.
Secure countries, regions, cities … attract investors, citizens wanting to live/work there, public transportation services attract customers…
Compliance with e.g. ISPS, CTPAT, AEO... creates commercial and financial benefits.
2' elevator approach:
A chief of police wants to convince the city's mayor to approve an investment in cameras and Automatic Number Plate Recognition (ANPR).
He could argue:
We need cameras and it will cost us 2 Mio €, or;
Every city is installing cameras, we cannot stay behind.
A recipe for refusal...
A recipe for approval is to link and justify the investment with the objectives of the city and the police force:
Crime prevention (deterrence)
Effective response (support by images/info)
Efficient response (the ANPR intercepts black listed vehicles more efficiently that random controls)
'Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted'.
If you can’t measure it, you can’t manage it.
Anything can be measured.
The myth that the value added by security can’t be measured is a significant drain on public and private security.
Prevention: crime statistics...
Effective response: statistics on vehicles intercepted (black list: stolen, not insured, no technical control…)
Efficient response: number of intercepted vehicles/police officer...
a Mission Impossible.
Efficiency is doing things right, effectiveness is doing the right things.
Peter F. Drucker