- Overview of Metrics Program
- Purpose, Approach, and Objectives
- Benefits of Using Metrics
- Metrics Types
- Data Management Concerns
- Stakeholder Interest Identification
- Goals and Objectives Definition
- Security Policies, Guidance, and Procedures Review
- System Security Program Implementation Review
- Metrics Development and Selection
- Establishing Performance Targets
- Feedback within Metrics Development Process
- Metrics Program Implementation
Goals and Objectives Definition
Phase 2 of the metrics development process in Figure 3 is to identify and document the performance goals and objectives that would guide security control implementation.
Applicable documents should be reviewed to identify and extract applicable security performance goals and objectives. Various documents can be used, when appropriate, as sources. The extracted goals and objectives should be validated with the security program stakeholders to ensure stakeholder acceptance and participation in the metrics development process.