# Setting SMART Objectives A simple acronym that's useful to sense-check if the goals you're setting for projects are properly considered. Setting an objective needs to be done in the context of being resilient to adverse conditions or change, and so it's worthwhile going over what your objectives are and identifying how you'll actually assess their efficacy throughout and after your project. The acronym is explored below, attached to the specific question you ask to interrogate your objective to ensure it's SMART... | SMART Criteria | Question to ask | | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **S**pecific | Does this goal set a scope of a declared and finite area for improvement or change? | | **M**easurable | Is there a way to meaningfully quantify this objective or goal over time as an indicator of progress towards it? | | **A**chievable/**A**ssignable | *I've seen two variants of this*:<br>**Achievable**: Is this goal realistic and attainable given the resourcing and support for this project?<br>**Assignable**: Is there proper support and leadership to define the responsibilities that are produced by the setting of this goal, and are they clearly explainable? | | **R**elevant/**R**ealistic | *I've seen two variants of this*:<br>**Relevant**: Can this goal or objective be understood and explained in the context of other strategic objectives?<br>**Realistic**: *See Achievable* | | **T**ime-bound | Is there a timeline for expected results that can be used as an indicator for the health or progress of this objective or goal? | ## Example of an objective that isn't SMART: *"Sam, you're going to be in charge of reducing our susceptibility to phishing this year."* ## Example of an objective that's pretty SMART: *"Sam, we really want to focus on reducing Business Email Compromise as a risk this year as successful incidents really hurt our information security objectives, as well as our bottom line. We'd like you to lead in reducing our susceptibility to Phishing over the next six months. Your area of focus is specifically on employee and shared inboxes. We're going to conduct blind phishing assessments monthly once you've determined the appropriate spending and controls in place, and we'll schedule a resourcing meeting today to ensure you feel supported to enact any changes."*