As an organization grows bigger, and management becomes more thinly spread, additional metrics are established to track, report, and improve the different functions within the organization.
These metrics give management a good way to help make sense of the underlying conditions and reality.
Metrics help organizations track and measure progress. They help companies understand improvement areas. Metrics also help to set goals based on historical data—where you stood, where you currently stand, and where you need to go.
Most metrics are given in numbers (percentages), e.g.:
- sales increased by 20%
- production costs decreased by 5%
- the number of reported software bugs decreased by 20%
- . . . and so on.
What’s interesting is that organizations also need to have non-percentage-based metrics. A non-percentage-based metric would mean the only possible value for that metric would be zero or one (pass or fail).
Consider a security breach metric. Even one instance would mean a failure of that metric. No breaches would mean a pass, or success.
What’s most challenging is how to place enough gradations on such true or false metrics. If you don’t have gradations you won’t be able to detect changes in performance over time.
One answer to this challenge would be to implement a number of micro-metrics. What these micro-metrics would do is to track the chances of failure of a major (non-percentage-based) metric.
So, in the case of the security breach metric, you would have micro-metrics underneath, something like:
- The number of “less secure” connections your workstations and servers have with the outside Internet.
- The number of employees logging in to work from home, who have older operating systems with less frequent security updates.
- The age of your servers, and their operating systems and security update/patch levels.
- How many users have root access to certain systems? Are those accesses required? Are those accesses available over less secure connection lines?
It is difficult to build and maintain micro-metrics, but they are almost more or equally important, compared with standard percentage-based metrics.
Micro-metrics can be a great tool for organizations to measure difficult and sometimes troublesome “pass or fail” metrics.