In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.
A friend of mine is a security manager at a university. He keeps metrics for fun, mostly, he says, to torture people with. His project, over the years I've known him, is to constantly improve the service quality, reliability and security of the IT systems under his purview. As you can imagine, that's a job that encompasses management, technology and politics in almost equal degrees. So, he got into collecting metrics because he wanted to be able to bring actual data to the table whenever there was a question about what to do or not to do.