The Security Value Chain


Published on

By aligning your security and compliance activities in the context of Michael Porter's value chain, you can seek out new metrics to determine your success in mitigating and managing risks.

Published in: Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The Security Value Chain

  1. 1. Security Value Chain The Business of Security Value
  2. 2. Porter’s Value Chain Firm Infrastructure Human Resource Management Margin Technology Development Procurement Inbound Outbound Marketing Operations Service Logistics Logistics & Sales
  3. 3. Your NEW Value Chain You Inbound Outbound Marketing Operations Service Logistics Logistics & Sales
  4. 4. Inbound The number one raw Logistics material for the business of security is INFORMATION! Where do you get it from? How do you store it?
  5. 5. Operations This is where you add VALUE! What value do you add to the information? What new information do you create? What is it that you and your team do?
  6. 6. Outbound Getting that VALUE out to Logistics your customers. Who is your customer? How do you package the information? Is it easy to get? Is it easy to use? It’s all about the DELIVERY.
  7. 7. Marketing Better than a Security & Sales Awareness Program! Create demand for your services. Pulling instead of pushing. It’s about CONSTANT communication!
  8. 8. Service This is where you maintain VALUE! High touch, high frequency. Strengthen your brand. Broaden your reach. Set SLAs. Live up to them! Incorporate criticism into improvements.
  9. 9. Sample Service Map Inbound Operations Outbound Marketing & Service Value Logistics Logistics Sales Chain Vulnerability Prioritizing Reporting Educating Training Data Patch Alerts Correlating Self-Serve Advertising Support Key Functions Event Streams Analyzing Face-to-Face Marketing Response Decision User Inquiries Validating Selling Engagement Support
  10. 10. Inbound Logistics Metrics Inbound Logistics Look for trends. Vulnerability Time to remediate. Data Security events by demographic. % of patches released vs. relevant. Patch Alerts Common user inquiries. Event Streams User Inquiries
  11. 11. Operations Metrics Operations Measure efficiency ruthlessly Prioritizing # of systems changed in/out of maintenance window. # of projects with security oversight. Correlating Time to decommission accounts. Analyzing Validating
  12. 12. Outbound Logistics Metrics Outbound Logistics It’s about engagement Reporting % reports read. Size of communication audience. # of project meetings attended. Self-Serve Frequency of customer contact. Don’t forget packaging! Face-to-Face Decision Support
  13. 13. Marketing & Sales Metrics Marketing & Sales Demand generation Educating % of org educated. # of hits to security portal. # of project security checklist Advertising downloads. “Pipeline” of projects. Marketing # of contacts before engagement. Selling
  14. 14. Service Metrics Service Stay connected Training Scheduled training events. # of security related support calls. # of reported incidents per unit. Support Time from call to response. % of returning callers. Response % of users trained. Engagement
  15. 15. Questions? Brandon Dunlap Managing Director of Research Twitter: @bsdunlap Brightfly, Inc. Twitter: @brightfly