Most of the different methods of security reporting deal with the specifics of what data points to collect, when to collect them, and where to report the results. Security metrics are simply tools designed to facilitate the decision-making process. They will ultimately help improve performance through the collection, analysis and reporting of information-security-related data points. But, looking at security reporting systems from the customer perspective may lead you in a new, more user-focused direction.