?At ASIS 2016, Peter Ohlhausen will showcase how research funded by the ASIS Foundation and the resulting Security Metrics Evaluation Tool (MET) can advance a security agenda during the �Ensuring Security Metrics Are Credible and Defensible.� �

The original research, Persuading Senior Management with Effective Evaluated Metrics, was published in 2014. While Ohlhausen was central to that project, he views the Security MET as an important resource for measuring whether a security metric is strong enough to �convince senior management that the millions they spend on security is well spent.�

The tool consists of nine criteria, aspects of a metric that should be examined when determining the strengths and weaknesses of a specific metric. Three criteria relate to the security department�s point of view: cost, timeliness, and manipulation. Another three center on the scientific worthiness of the metric: reliability, validity, and generalizability. The final three are corporate focused: communication, return on investment, and organizational relevance.

Speakers in this session will center on concepts in the last two segments. �Reliability means that the data collected is not affected by measurement error,� says Ohlhausen. For example, if a security manager counted the number of false alarms in a specific day and counted the same set again on another day, the result would be the same. So reliability ultimately depends on careful data collection, he explains. �

Another criteria, validity, requires the ability to draw valid conclusions based on the measurement or metric. Ohlhausen uses the counting of nuisance alarms at a facility as an example. �If it�s really gone up, a manager might conclude that something is wrong with the alarm system,� he says. But that conclusion overlooks other possibilities, such as construction or animals tripping the alarms, which must be eliminated before drawing a valid conclusion. �

�Once you know that your data is reliable and valid, you can have some confidence in sharing it with senior management,� says Ohlhausen. �And you can be more convincing when talking about return on investment and organizational relevance.�

Security managers can use the Security MET tool to find the strong or weak points of a current metric or assess whether a new metric might be useful or a springboard for strengthening a current metric. To help in this analysis, managers can access a current library of sixteen metrics by click on the Research pull-down under the Foundation tab at asisonline.org. These metrics have been submitted by security managers and then evaluated for free by the Metrics Working Group of the ASIS Defense and Intelligence Council. ��It�s a nice arms-length evaluation,� says Ohlhausen, who is a part of the working group.�

At the Foundation�s behest, efforts to collect new metrics, evaluate them, and post them on the website are continuing. An online survey, surveymonkey.com/r/metrics-survey, has been established for this purpose.�

The goal is to help security managers develop metrics that are reliable, valid, and organizationally relevant while showing a return on investment. Ultimately, says Ohlausen, �the Security Metrics Evaluation Tool helps security managers make good decisions.�

Ohlhausen will be joined in the session by speakers Richard Weaver, CSO/head, Security Services Department, Johns Hopkins University Applied Physics Laboratory; and Daniel McGarvey, Sr., Metrics Research Team, ASIS Foundation. �