Other metrics include the percentage of critical or high vulnerabilities per every host. We are also looking at the number of successful malware infections and the number of computers that we have to reimage because of that. That number should really go down.
Those are our outcomes-based measures. We have other input-based measure we are looking at, too. They include number of hours per staff activity. The idea is the more we get things under control, the less time our staff should be spending on reactive-type issues. We should have a much less running around, putting out fires in the day.
The other thing is mean time to resolve an incident. We are looking for that to go down significantly as well.
Sign up for CIO Asia eNewsletters.