How would you assess the effectiveness of a security solution after implementation using metrics and feedback?