Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalLogical SecuritySecurity & Business Resilience

Security Strategy

Data-driven decisions in the SOC

Security leaders can use data-driven decision-making to identify inefficiencies, quantitatively measure the success of security procedures and encourage collaboration between teams.

By Simon Morgan
Women in security working

Laurence Dutton / iStock / Getty Images Plus via Getty Images

May 11, 2023

Management thinker Peter Drucker famously said, “If you can’t measure it, you can’t improve it.”

Data-driven decision-making is a key factor in making informed business and management decisions. This type of decision-making is prevalent today in many types of settings. In the security field, leaders look to data to help make decisions about threats, safety, the effectiveness of the response, regulatory adherence, costs and staffing levels.

Management teams have been using data to make decisions for years. What's changed recently is the proliferation of data about almost everything. Organizations now utilize software and systems to complete nearly every task, and these systems are capturing data points throughout these activities.

Just look at the number of data points that are available when a security operations center (SOC) operator is responding to an alarm — these can include:

  • When was the alarm triggered?
  • What type of alarm was triggered?
  • Where is the alarm point?
  • When did an operator pick up the alarm to respond?
  • Who was the operator?
  • What actions did they take in response?
  • Exactly when did these actions happen?
  • What cameras did they view?
  • Who did they dispatch?
  • How long did it take to assess the situation?
  • Did they open an investigation?
  • Who was notified about this incident?
  • How long did the entire event take to close?
  • What post-event actions were required?

These are just a few of the data points that security might need to know to get a clear picture of this process. Security leaders can use data-driven decision-making to identify inefficiencies, quantitatively measure the success of security procedures, and encourage collaboration between teams.

In security, as the number of systems and data points explodes, how do teams identify the data points that actually make a difference — the ones that provide real insight into their operations? It’s challenging to standardize data across multiple siloed systems in order to get a consistent picture: without this, teams have parts of the picture in one language and other parts in other languages.

Steps to identify and normalize data

Step 1: Agree on the important questions

Get the key stakeholders from the security operation together — management, security technology, supervisors, operators from the SOC and investigations. Together, identify what types of questions and problems the team is looking to solve. Think big picture. Questions might include:

  • How long does it take the security team to respond to events?
  • Which events create the most activity but potentially distract from efficient responses to critical events (i.e. false positives)?
  • How many alarms trigger an investigation?
  • How many alarms trigger a dispatch?
  • Which location creates the most serious incidents per month?
  • Are there enough team members to cover the number of alarms the SOC receives?

Within each of these examples, there are obviously additional questions that may be raised. Identifying the bigger picture will help to identify which issues are most important. It's important to avoid discussing the “how” because this can quickly move the conversation into the mechanics of how to capture this data and distract from identifying the top-line problems that need to be resolved.

Step 2: Agree on the metrics that lead to answers

Once the team has decided on the questions, the next step is to agree on the type of data that will help answer these questions. Let's say that security is looking to answer the question, “How long does it take to respond to events?” The type of metrics that can help answer that question are:

  • The average time it takes to pick up an alarm in the SOC today (in minutes and seconds)
  • The average time it takes to respond to different types of alarms (i.e. time it takes to pick up an access control event versus a security assist event)
  • The average number of alarms per hour/per day (number of alarms per hour/per day)
  • The average number of alarm per location (number of alarms per building, per hour/per day)

Each of the metrics begins to paint a picture of how the team responds to security events. SOC leaders will notice that in order to answer the primary question, just capturing one key metric — for instance, “Average time it takes to pick up an alarm in the SOC today” only provides a surface-level insight into the performance of the team. Think about what additional metrics impact those numbers so that they can be used to make decisions.

Step 3: Centralize the data

This can be the most challenging step of any data-driven decision-making project. In this step, not only do security teams need to standardize the data, but they also need to centralize it so that later, they can easily access and visualize it for quick insights.

The most efficient way to do this is to standardize on a system that coordinates responses and investigations. SOCs need a system that can take alarms from a range of different systems and normalize these different formats into a consistent data structure. This effectively eliminates the difference in data from one system to another. It has the added benefit of building efficiency through standardization — eliminating high training costs and user errors that come with complex and bespoke approaches.

Step 4: Visualize the data

The final step is to provide a simple way for the various stakeholders to access and visualize this data. There are many visualization programs on the market, these can range from inbuilt reporting tools to Excel spreadsheets using pivot tables and graphs or data visualization programs. Each of these provides ways for teams to drill into different data. When comparing visualization tools, look for programs that provide the ability to:

  • Present data in different formats. Sometimes a graph is the best way to see data, on other occasions it could be a table.
  • Drill into data elements by clicking on data objects in a graph to dive deeper into the cause of that metric.
  • Forecasting — look for systems that can highlight trends in the data set so that SOCs can quickly take action.
  • Export data into standard formats — look for exports of raw data in .csv, Excel, or JSON formats
KEYWORDS: alarm monitoring data analysis physical security assessment security operations Security Operations Center (SOC) security staffing

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Simon Morgan is Chief Product Manager of Tampa, Florida-based SureView Systems, a leading provider of next-generation PSIM platforms.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Digital Trust

    Unlocking digital trust: The power of collaboration in a data-driven world

    See More
  • digital landscape

    Unlocking digital trust: The power of collaboration in a data-driven world

    See More
  • data-analysis-freepik9786543.jpg

    Disrupting the status quo: Data-driven analysis of terrorism

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!