Schimkowitsch, Scott E.2009-07-222009-07-222009-07-22https://hdl.handle.net/1794/9479This paper was completed as part of the final research component in the University of Oregon Applied Information Management Master's Degree Program [see htpp://aim.uoregon.edu].An information security metrics program can provide organizations with a resource to manage, monitor, control, or improve aspects of an information security program. A set of five key components necessary to include when developing a plan for an information security metrics program is presented. Components are framed in relation to criteria from Chew et al. (2008), and include associated tasks designed to a) increase accountability, b) improve information security effectiveness and c) demonstrate compliance.en-USInformation securityAccountabilityComplianceApplied Information ManagementAIMDataOther