By aligning your security and compliance activities in the context of Michael Porter's value chain, you can seek out new metrics to determine your success in mitigating and managing risks.
2. Porter’s Value Chain
Support activities: Firm Infrastructure, Human Resource Management, Technology Development, Procurement
Primary activities: Inbound Logistics, Operations, Outbound Logistics, Marketing & Sales, Service
Margin
3. Your NEW Value Chain
You
Inbound Logistics, Operations, Outbound Logistics, Marketing & Sales, Service
4. Inbound Logistics
The number one raw material for the business of security is INFORMATION!
Where do you get it from?
How do you store it?
5. Operations
This is where you add VALUE!
What value do you add to the information?
What new information do you create?
What is it that you and your team do?
6. Outbound Logistics
Getting that VALUE out to your customers.
Who is your customer?
How do you package the information?
Is it easy to get?
Is it easy to use?
It’s all about the DELIVERY.
7. Marketing & Sales
Better than a Security Awareness Program!
Create demand for your services.
Pulling instead of pushing.
It’s about CONSTANT communication!
8. Service
This is where you maintain VALUE!
High touch, high frequency.
Strengthen your brand.
Broaden your reach.
Set SLAs. Live up to them!
Incorporate criticism into improvements.
9. Sample Service Map
Key functions for each value chain activity:
Inbound Logistics: Vulnerability Data, Patch Alerts, Event Streams, User Inquiries
Operations: Prioritizing, Correlating, Analyzing, Validating
Outbound Logistics: Reporting, Self-Serve, Face-to-Face, Decision Support
Marketing & Sales: Educating, Advertising, Marketing, Selling
Service: Training, Support, Response, Engagement
10. Inbound Logistics Metrics
Key functions: Vulnerability Data, Patch Alerts, Event Streams, User Inquiries
Look for trends.
Time to remediate.
Security events by demographic.
% of patches released vs. relevant.
Common user inquiries.
11. Operations Metrics
Key functions: Prioritizing, Correlating, Analyzing, Validating
Measure efficiency ruthlessly
# of systems changed in/out of maintenance window.
# of projects with security oversight.
Time to decommission accounts.
12. Outbound Logistics Metrics
Key functions: Reporting, Self-Serve, Face-to-Face, Decision Support
It’s about engagement
% reports read.
Size of communication audience.
# of project meetings attended.
Frequency of customer contact.
Don’t forget packaging!
13. Marketing & Sales Metrics
Key functions: Educating, Advertising, Marketing, Selling
Demand generation
% of org educated.
# of hits to security portal.
# of project security checklist downloads.
“Pipeline” of projects.
# of contacts before engagement.
14. Service Metrics
Key functions: Training, Support, Response, Engagement
Stay connected
Scheduled training events.
# of security related support calls.
# of reported incidents per unit.
Time from call to response.
% of returning callers.
% of users trained.
15. Questions?
Brandon Dunlap
Managing Director of Research
bsdunlap@brightfly.com
Twitter: @bsdunlap
Brightfly, Inc.
www.brightfly.com
Twitter: @brightfly