All disciplines need to be able to demonstrate added value and track the ability to improve upon current practices. The board, technical management, auditors, and engineers may each need a different view of the security initiatives performed.
Article Link: CISO Stories Podcast: Stop Reporting Useless Security Metrics!