Are security metrics bunk, or can meaningful metrics be gathered to drive improvements in enterprise security? This presentation proposes that both qualitative and quantitative data exists, as well as frameworks for standardizing how risk gets assessed. Industry experts will offer advice on how meaningful security metrics can be used to improve enterprise security and to demonstrate business value.