The security function needs SMART metrics
I've become a <a href="http://www.computerworld.com/article/2554061/security0/measuring-the-value-of-metrics.html">big fan of metrics</a>. I wasn't always, but throughout my career in information security, I've had bosses who have challenged me on metrics, and I have honed my skills so that now I feel the metrics I collect meet the "SMART" test: specific, meaningful, actionable, repeatable and time-dependent.