Articles by Brian McIlravey
The ability to measure and analyse the effectiveness of security operations is extremely useful – not only for identifying and addressing an organisation’s vulnerabilities, but also for demonstrating security’s mitigating impact on overall risk levels along with the higher-level value security delivers to a business. Brian McIlravey, Co-CEO at PPM, explains how security metrics can provide a powerful toolset for accomplishing these objectives. By quantifying information about conditions within and around facilities, along with situations and incidents which occur and the actions taken to reduce and manage risks, metrics provide insights which give the organisation a better understanding of risks and losses, helping them to identify trends and manage performance based on real and meaningful indices. Detailed and concise reporting gives security managers the means to present their findings clearly and accurately to executive management, often an essential step towards building a case for the additional budget allocations needed to improve the safety of a facility. Ultimately, security analytics are a vital resource to help an organisation minimise the risk, damage to reputation, theft, and business discontinuity that stems from breaches. Among the many different kinds of measurements they offer, security metrics can help calculate how much of the budget should be allocated towards security, which aspects should be top priorities, the most effective system configuration, return on investment (ROI), how to measure those improvements, whether exposure and risk have been reduced, and by how much. By gathering data associated with a number of factors, metrics can identify indicators that may suggest problems with a security program – identifying the root causes of incidents, rather than the symptoms – in an effort to prevent incidents before they occur or issues before they arise. Security analytics help an organisation minimise risk, damage to reputation, theft, and business discontinuity Security metrics - benefits For example, security metrics may show that there has been a rise in the frequency or severity of accidents, crimes or policy infractions, increased downtime of critical equipment, changes in security response times and much more. While this information is extremely helpful for security professionals to have, it is the associated analysis, a crucial component of metrics, which helps determine why these things are happening. This increased understanding of what is causing particular issues is the main goal of security metrics, as it enables security staff to implement new policies and programs to address those underlying issues. Metrics can also be used to demonstrate the security program’s accomplishments, complete with figures that can be presented to management to gain support and resources for the program or to encourage recognition for security staff performance. Choosing what to measure and analyse requires careful consideration; how can an organisation be sure to identify the right security metrics from the hundreds of potentials? What are the best tools and strategies for data collection, measurement and analysis? It’s important to note that because relevant metrics vary widely and are specific to an organisation and its vulnerabilities, there is no standard answer to this question. Therefore, when designing a program, the goal must be to identify those factors that directly apply to and will affect a specific organisation’s risk, ROI, costs, legal, policy and safety issues. Among the top metrics that could be considered would be cost of downtime; incident response times; number of nuisance alarms; number of safety or security hazards identified and eliminated; security cost and/or losses per square foot; and security cost per employee and/or as a percentage of total revenue. When designing a program,the goal must be to identifythose factors that directlyapply to and will affect aspecific organisation’s risk Getting relevant security metrics - key questions While the answers will be different from organisation to organisation, there are proven processes that aid with identifying what needs to be measured. These three questions should form the basis for developing the most relevant metrics: What are the business goals, needs, values and policies? Who is the audience and what are their objectives? What types of data will be required for metrics and analysis? Based on how these are answered, the next step is to develop those metrics that will measure and demonstrate security’s contribution to risk management, as well as overall organisational strategies and objectives. It is crucial to treat all collected data very carefully to ensure its integrity and preserve and protect its confidentiality. The process of analysing security data can be made more convenient and more productive with analytical software and other tools, which allow a security manager or director to easily and constantly analyse the data on security activities, losses and investigations, and to view graphs and charts that are generated automatically. The faster information is available, the faster measures can be taken to address risks and minimise incidents. With the right data and analysis, security metrics provide valuable insight into an organisation’s current security program and policies, and enable changes to be made to address any shortcomings. These changes can then be analysed to determine whether they’ve been effective in accomplishing particular goals. By demonstrating security’s value to an organisation as a whole, metrics will have a major impact on decisions regarding security and business operations, ultimately leading to greater security and safety for people and property.
The company will continue to operate as PPM and their head office will remain in Edmonton, Canada PPM 2000, the industry’s leading authority on incident management, has been acquired by Klass Software (“Klass”), the acquisition group of Klass Capital, a leading enterprise software, growth equity fund headquartered in Toronto, Ontario. Effective immediately, Will Anderson, the CEO of Klass Software, is now the CEO of PPM. Elaine O’Sullivan and Brian McIlravey will continue with the company as President and Executive Vice-President, respectively. “PPM‘s innovative incident management solutions are one of the cornerstones driving today’s new security models built on real-time analysis and incident prevention,” said Anderson. “With the strategic and financial backing of Klass, PPM will further improve on the successful growth that the company has experienced since its founding in the rapidly evolving professional security market.” “As the founders of PPM pass the torch to the company’s new owners, it’s about strengthening PPM as a technology company,” said O’Sullivan. “We look forward to accelerating innovation, pursuing new markets, and delivering more incident management options to our clients. Added McIlravey, “Klass is a great fit for PPM, and the right company to take us to the next level. We’re excited about a future focused on expanding PPM’s incident management portfolio with complimentary technology and services.” The company will continue to operate as PPM, and their head office will remain in Edmonton, Canada. Secure Strategy Group (SSG) served as the exclusive advisor to PPM (SSG provides Broker Dealer Services through Pickwick Capital Partners, LLC Member FINRA SIPC).
PPM is marking the introduction of ISD by setting up an Incident Command Center PPM 2000 has announced the launch of a new Integrated Solutions Division (ISD) for expanding, managing, and maintaining PPM’s growing portfolio of integrations for their Perspective incident management software. Here at ASIS, PPM is marking the introduction of ISD by setting up an Incident Command Center where PPM and their partners will showcase how organisations can seamlessly connect systems, people, and processes to drive intelligence-led situational awareness and complete security operations management. In today’s security marketplace, integrations between systems and software are typically application-specific, custom, and have long development cycles all the way from needs identification to delivery. PPM’s ISD will focus on developing solutions with technology partners that: Integrate Perspective with electronic security systems such as access control, video management, and mass notification. Address needs for real-time security event management and tracking and the associated incident data capture and advanced reporting, all within a single software application. Offer comprehensive security management tools for enterprise applications requiring integration with multiple systems, software, and vendors in a common operational environment and user interface. Provide a comprehensive solution to manage all facets of Security Operations Center (SOC) systems, processes, and resources. Through a range of integration options, users will realise numerous operational and financial benefits, including the automation of incident data entry, synchronisation of event and alarm data to incident records, standardisation of incident response, reduction in incident/event processing time, and consolidation of all incident data and security operations information in a common database. “Integrations and our open API have been a huge part of PPM’s growth in the last couple of years" PPM’s ISD will be run by Dan Ireland, CPP, an industry veteran with 22 years of experience with leading electronic security vendors and as a security consultant specialising in integrated system design and implementation. “Security professionals continue to face challenges resulting from the deployment of multiple electronic systems and vendors, multiple software platforms, and multiple service providers,” said Ireland. “Solutions to bring all of your organisation’s security data and operational processes into a common platform have historically been custom and costly, carried high risk of failure, and been slow to implement. Solutions from PPM’s ISD will address all of these barriers and provide scalable, standardised, cost-effective, quick-to-deploy options backed by viable use case and ROI information.” As part of its initial launch, in addition to their ASIS Booth (#1537), PPM is hosting an Incident Command Center, located in Meeting Room #7 near the west entrance. The Incident Command Center will feature key PPM partners Guardly, Microsoft Global Security, MIR3, Sureview, and Winsted in a mock command center setting where they will showcase how mission-critical security systems interact, communicate, and integrate for a complete end-to-end incident management solution. The ISD team from PPM will be stationed at the command center for the week, and a list of scheduled events will be available at PPM’s booth and posted at the Incident Command Center. “Integrations and our open API have been a huge part of PPM’s growth in the last couple of years. The newly formed ISD formalises what we have been doing for mission-critical operations and takes it to the next level,” said Brian McIlravey, Co-CEO of PPM. “With Dan’s professional network and background in security, systems, and integrations, he is the ideal leader for the ISD, and the Incident Command Center that we’ve set up for ASIS is the perfect showcase for what PPM and our partners can do.”
With the new integration, visually enriched activity reports are automatically recorded in Perspective Trackforce™, a leading provider of officer management technology, and PPM 2000, a leading incident, investigation, and case management software company, announced a new integration between their physical security solutions GuardTek™ and Perspective by PPM™ at ASIS 2014. With the new integration, visually enriched activity reports created by security officers on the GuardTek platform through m-Post or Patrol products are automatically recorded in Perspective, enabling command centers to seamlessly process field activities without the burden of entering report data manually. “We are very excited to launch this new integration,” said Guirchaume Abitbol, CEO and President of Trackforce. “PPM is a wonderful partner with great technology. The new integration should help a number of joint customers expand their capabilities and real-time reporting.” With bi-directional communication between the applications, call categories configured in Perspective can immediately be available to officers using the GuardTek products after an import. Once the report is submitted, report details with field selections, text, and pictures are available instantly within Perspective. Similar to event and activity reports, guard tour reports are transmitted into Perspective and are available as PDFs regardless of the type of device used to complete the tour. “If you are looking for a solid officer management product tightly bound to our incident management tools, the team at Trackforce has completed an excellent integration to Perspective,” said Brian McIlravey, Co-CEO of PPM. “It combines two market leading products and companies and expands options for clients with mobile officers.”