We need to define and understand what our “success” criteria are for your security initiative  (Metrics)

• Increased security (Scale 1-Low 5-High for Area).

• Meet regulatory compliance (Pass/Fail).

• Improved operational efficiencies (% FTE reduction).

• Delivering on time and within budget.

• Realizing the full ROI from the technology solution.

• Leveraging the full potential of the new technology purchase (% of product capabilities actually deployed).

• Validate your definitions with the CEO, CFO, etc.

Best Practice in this area:

- Be realistic about what your organization is really able to track regarding metrics. Swag metrics are not metrics.