124 ◾ Information Security Management Handbook
collected and where they will be distributed on what specific schedule. is will allow the man-
agement to see the standard progress in asset protection. e regular metrics will give the security
the foundation for justifying additional security software and additional staff for the security
program. e regular metrics also can be used when presenting user awareness training. Metrics
can improve accountability through collection, analysis, and reporting of relevant performance-
related data. e procedures should be a step-by-step document on how and where the scripts or
applications are executed. e security metrics program can be set up on a repeatable cycle. See
Table 9.2 for a sample of the secu ...