Which IT Security Metrics focuses on effectiveness? Solution Use quantitatively or qualitatively measurable, security metrics of some sort are necessary to help technical staff and management better understand the company’s risk exposure, effectiveness of mitigation efforts and progress, in relation to constant improvements and investment into the IT security budget. Executive Dashboard which would both help inform senior management of the company’s security posture, as well as track the security programme’s effectiveness over time. use of the same framework will only simplify understanding of the key issues to senior management and help map metric-identified shortcoming against the security controls implementation plan and budget. This close relationship should provide clear links between risk areas and investment, with the aim of providing maximum security effectiveness. necessary to help technical staff and management better understand the company’s risk exposure, effectiveness of mitigation efforts and progress, in relation to constant improvements and investment into the IT security budget. .