The University of SydneyPage 33Governance Metrics–“What cannot be measured cannot be managed”–Quantitatively, effectiveness of security governance can be difficult to measure –Good security governance must be gauged by how effectively and efficiently the security machinery performs and what the trends indicate–In practice, Key Goal Indicators (KGIs), Key Performance Indicators(KPIs), Critical Success Factors (CFSs) usually best measure of success of governance and security strategy