To create measurable information security goals, you can consider the following examples:

- Increase the efficiency of security monitoring by 20% in the next 12 months.
- Decrease the impact and/or number of information security incidents by 30% in 12 months.
- Achieve a maximum data loss of 6 hours in case of a backup failure.
- Decrease the number of security incidents in the next year by 20%.
- Ensure the average monthly availability of production servers is at least 99.98% over the next 24 months.
- Bring the number of unauthorized entries to secure areas down to zero during the next year.

These goals are specific, measurable, achievable, relevant, and time-based, aligning with the S.M.A.R.T. criteria.