Mapping Business Drivers to Program Metrics is a three-step process to identify the measures. The objective of a security program should always be to improve maturity at a rate equal to the threats and the business complexity. Security is a board-level topic in every company. Multiple regulatory requirements, including GLBA and SOX, require strong security and controls. If you miss a metric and. almost guarantee every security program will miss achieving one of their metrics over the course of a year, it will get visibility.”]
Source: https://securityintelligence.com/the-4×4-security-and-organization-program-metrics/