Data driven security refers to using measurable factors to drive a security program and reduce risk. While not all elements of a security program lend themselves to measurement, many components can be measured effectively. A commonly accepted business paradigm states: what cannot be measured cannot be managed. Some would argue that the security is more of an art than a science. Even though correct, the business of security is not an art but is a business unit not like other business units within an organization that must justify its existence. A key method for justifying the department is to measurably reduce risk. Data driven security is a concept utilized by organizations operating in dynamic environments to effectively manage risk. Security professionals operating in today’s increasingly constantly changing environments face the unique challenge of providing security that reduces crime and loss, cost effective, and does not expose their organizations to undue liability. Success can be achieved through a carefully orchestrated balancing act of three tasks:
Monitoring risk in real time or near real-time
Deploying effective security measures which reduce risk
Working within reasonable financial limitations

Data driven security is an effective method for balancing these tasks. In order to be successful at this balancing act, security professionals must not only be knowledgeable about security technologies, they must also be good business decision makers and risk managers. Security costs should not exceed reasonable budgets and preferably, provide a measurable return on investment. The security program should also effectively reduce risks to an acceptable and manageable level.