Build a security dashboard – How to guide
Build a security dashboard and risk managers can:
- Measure performance in most business functions
- Demonstrate compliance with forthcoming legislation for example, Martyn’s Law.
Lets take a look at how to build a security dashboard best practice.
Introduction: Where did the dashboard come from?
Cars and aircraft use dashboards and have done for over 100 years. However, their use in business only became popular after the Enron scandal, which led to the 2002 Sarbanes-Oxley legislation. Consequently, corporations had to show a grasp of what’s going on across their business and a great way to achieve this is through a dashboard.
Do all dashboards look the same?
Dashboards all look different. Some look plain awful and others waste space. The below dashboard wastes space with inordinately large 3D pie charts and a brand banner. While others look great, their content is out of date or incomplete, which makes them redundant:
Dodo (dead) dashboards
There are more dead than live dashboards. Even though they take years to design many are ignored or switched off because they:
- Met the needs of one person who has since moved on
- Are an unwanted distraction
- Are too expensive or effortful to change
Therefore, heads of security need a dashboard that lives and breathes everyday.
Put in effort up front to specify a security dashboard and you can expect it to live for years and make the investment worthwhile. Moreover, it could radically improve how things gets done.
What exactly is a dashboard?
Definitions vary but in essence a dashboard:
Presents summary and exception information in one place, using text and visuals.
They can display on a phone, PC or dedicated screen. In addition, they will often provide more than one display, being broken down into:
- Strategic: High level, long term, summaries
- Operational: Provides ongoing performance guidance
- Analytical: Historic insights such as trends
What does a risk manager need?
Risk managers often need to build a security dashboard to meet all three needs. The landing page will be the strategic display and have options to launch the operational and analytical display.
2. What to measure and how to display it – content and visuals
Let’s take a look at some typical activity from the world of security and suggest ways to display the content.
The location, type and time of an incident are key bits of information. Maps provide all this information and focus the viewer on where incidents take place. Maps are a good example of an operational dashboard.
Floor plan map
SIRV uses bi-direction maps in its Major Incident Management module to display information on schematics:
Floor plans often change over time, this may mean the dashboard needs periodic adjustment. Street map:
Street maps offer 2D location only. Therefore, multi-storey buildings make the presentation of incidents more difficult. Heat map:
Heat maps focus the eye to where incidents most often occur. However, this means the exact location of low volume incident reports is often overlooked.
While maps help the viewer focus on where incidents take place, line graphs help identify when they take place.
The above line graph (with line of best fit) displays the average time of incidents over a 24 hour period. This is useful to know when to deploy resource.
Security patrols typically consist of security guards checking defined locations. Therefore, like incidents, they lend themselves to maps.
Stacked bar charts (similar to the below), can be used to show complete vs incomplete patrols.
If the patrol uses NFC tags or bar codes, then we can display frequently missed points. This can be a map or list:
Alternatively, we can use grids to show missed patrol points:
Grids may appear bland but they’re highly functional and quickly direct the eye to the problem points.
Risk and threat assessment
A great way to focus minds is to present a risk assessment matrix:
It’s great to use animation and show the change in risk over time. However, we do not recommend the use of spider graphs like the one below, they’re often found in security plans are not very useful:
Spider graphs appear clever but they tell the viewer the same as a bar graph and take more time to understand.
Events, audits, checks and statistics
Martyn’s Law will increase the need to demonstrate compliance with legislation. Therefore, recording drills, procedures and audits are key. These could include:
- Welfare visits
- CCTV checks
- Lock dock drills
Pie charts like the one above look nice but are not recommended. Because they only work when there are few, similarly sized variables. Add many variables with small values and they’re lost on the human eye. Therefore, use tree charts like the one below. It’s preferable to pie charts and communicates more clearly.
Calendars are great to schedule and communicate upcoming events:
Statistics are easily shown through bars charts. For example, the below stacked bar chart shows crime statistics:
3. Change to content and visuals – adaptation
Over time needs change so too does the need to build a security dashboards Therefore, it’s important the content and visualisation on a dashboard can change too.
Even though some software vendors provide easy drag and drop options for visualisations, this is not always a good thing. Because heads of security are not design experts. Consequently, dashboards:
- Are too busy and put off the viewer.
- Change so often it’s not easily understood.
Heads of security need a dashboard to undergo periodic not constant change. Therefore, ensure the dashboard purchase agreement includes a sum to cover future changes.
4. Use of the dashboard – interaction
The level of interaction dashboards offer varies. Some are fixed displays which make no allowance for interaction. Whereas, others offer options to:
- Hide and show visuals
- Change data ranges
- Move and zoom into maps
- Make notations directly onto the dashboard
- Drill down to view the source data
- Download all or part of the dashboard
Dashboards can raise as many questions as they provide answers. Therefore, it’s important one can drill down and view the data behind the dashboard.
5. Where to view the dashboard – display
Be sure to specify what screens you will use to view your dashboard; it will guide how much information can be shown.
It’s not only the screen’s dimensions that are important but also its resolution (pixel density). Because a screen with 1920×1080 resolution will display twice the information of a screen with identical dimensions but half its pixels. (Put this to the test, change your screen’s resolution).
Give thought to where you position your screen. For example, control rooms are good places for a dashboard but they’re not ideal if the monitor is too far from the viewer.
6. Build a security dashboard – design examples
We’ve looked at visuals for heads of security, now let’s look at different business dashboard styles and layouts.
The above HR metrics dashboard is clean and simple. However, it has some disadvantages:
- It has very few visualisations (only two bar charts)
- The two tables have background colours and shading, which is unnecessary and therefore clutters the screen
- The top left is occupied by a logo and button options. This area is prime real estate for the eye. Any branding should be discrete and option buttons moved to the right.
With its dark background, this dashboard has the ‘flavour’ of a security dashboard. The dark background means it is less stress on the eye than a white dashboard. However, it has some drawbacks:
- Red signifies danger and the dashboard’s reliance on this colour suggests there is danger in many places.
- Again, buttons and logo are to the left, when they’re best on the right.
The superstore dashboard uses summaries only. Therefore, it’s an example of a strategic dashboard. However, it offers only four pieces of data and they’re text not visual format. As a result, this dashboard is a wasted opportunity to engage the viewer.
Covid impact on air passengers
The Covid impact on air passenger numbers is a great dashboard because:
- It has buttons to allow the users to interact with the map
- It’s information rich but only uses two visualisation types
- A range of complimentary colours are used
In addition, the timeline provides good, accurate context. Heads of security should consider this kind of timeline once enough data is stored.
It’s clear design has been an important consideration in all these dashboards. However, aesthetics alone does not make a good dashboard but it can undermine the value of the data it presents.
How data gets to your security dashboard
Do not underestimate how much work it takes to get data on to your security dashboard: To produce accurate, timely data for a dashboard is a task in and of itself. Because dashboards typically consist of summary and exception information, most data is:
- ‘Cleaned’ and put through a
- data pipeline.
Build a security dashboard with clean data
To clean data is to filter, sort, sum and treat raw data ready for a dashboard. This task is often the responsibility of a data analyst or data scientist.
Over time these people will attempt to automate part of if not all of the data cleansing process and set-up a data pipeline.
A data pipeline is a secure and reliable method to process data input from one source and output into another (in this case, a dashboard). Therefore, to change a dashboard’s content can take time.