In an environment where physical and cyber risks are increasing, it is critical that security organizations maintain well established security metrics to better control, track, and refine preparation, mitigation, and response operations to replace fear and uncertainty in organizational functions. While executives are concerned with how secure their organizations is, the likelihood of a breach occurring, and what security programs are most effective at protecting people and assets, security metrics should be shaped to provide visibility into operational effectiveness and illustrate strategic value of those operations. Using examples from security metric programs developed for federal and private security focused organizations, this presentation will share contemporary best practices for security metrics and measures for security organizations.