In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.
There are two ways to start establishing metrics. One is what I think of as the “bottom up” approach and the other being "top down". For best results you might want to try a bit of both, but depending on your organization and your existing processes it might be easier to go with one or the other..