the security value chain

Post on 11-Jan-2015

Category:

Business

DESCRIPTION

By aligning your security and compliance activities in the context of Michael Porter's value chain, you can seek out new metrics to determine your success in mitigating and managing risks.

TRANSCRIPT

Security Value Chain

The Business of Security Value

Firm Infrastructure

Human Resource Management

Technology Development

Procurement

Inbound Logistics

Operations

Outbound Logistics

Marketing & Sales

Service

Margin

Porter’s Value Chain

You

Inbound Logistics

Operations

Outbound Logistics

Marketing & Sales

Service

Your NEW Value Chain

Inbound Logistics

The number one raw material for the business of security is INFORMATION!

Where do you get it from? How do you store it?

Operations

This is where you add VALUE!

What value do you add to the information? What new information do you create? What is it that you and your team do?

Outbound Logistics

Getting that VALUE out to your customers.

Who is your customer? How do you package the information? Is it easy to get? Is it easy to use?

It’s all about the DELIVERY.

Marketing & Sales

Better than a Security Awareness Program!

Create demand for your services. Pulling instead of pushing.

It’s about CONSTANT communication!

Service

This is where you maintain VALUE!

High touch, high frequency. Strengthen your brand. Broaden your reach. Set SLAs. Live up to them!

Incorporate criticism into improvements.

Sample Service Map

Value Chain: Key Functions

Inbound Logistics: Vulnerability Data, Patch Alerts, Event Streams, User Inquiries

Operations: Prioritizing, Correlating, Analyzing, Validating

Outbound Logistics: Reporting, Self-Serve, Face-to-Face, Decision Support

Marketing & Sales: Educating, Advertising, Marketing, Selling

Service: Training, Support, Response, Engagement

Inbound Logistics

Vulnerability Data

Patch Alerts

Event Streams

User Inquiries

Inbound Logistics Metrics

Look for trends.

Time to remediate. Security events by demographic. % of patches released vs. relevant. Common user inquiries.

Operations

Prioritizing

Correlating

Analyzing

Validating

Operations Metrics

Measure efficiency ruthlessly

# of systems changed in/out of maintenance window. # of projects with security oversight. Time to decommission accounts.

Outbound Logistics

Reporting

Self-Serve

Face-to-Face

Decision Support

Outbound Logistics Metrics

It’s about engagement

% reports read. Size of communication audience. # of project meetings attended. Frequency of customer contact. Don’t forget packaging!

Marketing & Sales

Educating

Advertising

Marketing

Selling

Marketing & Sales Metrics

Demand generation

% of org educated. # of hits to security portal. # of project security checklist downloads. “Pipeline” of projects. # of contacts before engagement.

Service

Training

Support

Response

Engagement

Service Metrics

Stay connected

Scheduled training events. # of security related support calls. # of reported incidents per unit. Time from call to response. % of returning callers. % of users trained.

Brandon Dunlap
Managing Director of Research

bsdunlap@brightfly.com
Twitter: @bsdunlap

Brightfly, Inc.
www.brightfly.com
Twitter: @brightfly

Questions?
