Identifies and develops metrics and measures for information assurance such as key risk indicators (KRIs) and key performance indicators (KPIs). Determines appropriate and practical performance measures, to ensure that information assurance priorities set by the business can be effectively monitored.