In order to have a successful IG program, one of the eight (8) Information Risk Planning and Management step is to develop metrics and measure results. Why are metrics required? Briefly provide your explanation.
This is because metrics are the numbers that are being measured on a daily basis. Management philosophy also believes that what is measured gets managed. Therefore, metrics play an important role since they transform both the customer requirements as well as operational performance to numbers which can be compared. Metrics are useful because they help the organization in driving strategy and also in decision making, they drive performance, produces better internal and external public relations and lastly it provides focus for the organization.