Here are some examples of information security goals that can be easily measured:

1. Decrease the impact and/or number of information security incidents by 30% in 12 months.
2. Achieve a maximum data loss of 6 hours in case of a system failure.
3. Reduce the number of incidents related to unauthorized access to information by 20% in the next year.
4. Increase the average monthly availability of production servers to at least 99.98% over the next 24 months.
5. Eliminate the usage of personal data from software testing by the end of 2024.