1. Percentage of system components that undergo maintenance in accordance with formal maintenance schedules
2. Percentage space of remote access points used to gain unauthorized access
3. Percentage of users with access to shared accounts
4. Percentage of incidents reported within required time frame per applicable incident category
5. Percentage of media that passes sanitization procedures testing
6. Percentage of physical security incidents allowing unauthorized entry into facilities containing information assets
7. Percentage of employees who are authorized access to information systems only after they sign an acknowledgment that they have read and understood the appropriate policies
8. Percentage of individual screened before being granted access to organizational information and information systems
Below Example:
Measurement: Percentage of information systems personnel that have received security training