2010 Security 500 Methodology

November 1, 2010

The Security 500 Benchmarking Survey is based on information from several sources:

• Data supplied directly by the
organizations
• Data obtained through public resources/records

The Security 500 tracks 16 vertical markets and collects unique data where appropriate (such as patients in healthcare) and applies this data to key metrics. The key metrics collected this year include:

Security Spending/“Person”
Security Spending/Revenue
Security Officers/“Person”
Security Officers/Revenue

“Person” is focused on the type of person the security budget is intended to protect. Examples include employees, citizens, students and patients. Rankings within each sector were primarily based on total revenue or operating budget, security budget and “person” data.

Each sector had a coach who helped us customize questions for data collection and benchmarking purposes. Therefore, there were a series of general questions that all participants completed and unique questions within each sector. Each participating organization will receive their confidential report by December 31, 2010.

The 2010 Security 500 Survey includes the following

• Sectors were measured and evaluated on metrics among peer organizations
• The data requested and metrics used to benchmark within each sector were based on the input of our advisors.

The purpose of the Security 500 is to create a reliable database to measure your organization vs. others and create a benchmarking program among security organizations. The results will enable you to answer the question, “Where Do I Stand?” as a basis of an on going peer review process.

Typically, organizations that submitted their data ranked higher than those that were based on estimated data. Because submitted data employs a “self-selecting” methodology. For example, one clothing retailer may select “Retail” and another clothing manufacturer may select “Manufacturing/Industrial” as their vertical markets.

Based on continued feedback and the goal of creating a valuable resource for our participants and industry, the Security 500 is spread across 16 different sectors.

We recognize that as a result of the recent unprecedented economic changes that some organizations and their security leaders may no longer be in place. The listings are based on the information available at the time of publication.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

2010 Security 500 Methodology

Related Articles

Report Abusive Comment