Know your current state of security metrics before you move forward. Use the activities in this phase to:
- Understand the need for metrics.
- Differentiate between the types of metrics.
- Assess your current state of metrics.
- Identify your target state of metrics.
- Analyze the gaps of your metrics program.
Establishing the baseline is the cornerstone of a successful metrics program.