Chapter e32

Security Metrics

An Introduction and Literature Review

George O.M. Yee, Carleton University, Ottawa, Ontario, Canada

Abstract

This chapter provides an introduction to and a literature review for security metrics. It begins by describing the need for security metrics, followed by a discussion of the nature of security metrics, including what makes a good security metric, what security metrics have been used in the past, and how security metrics can be scientifically based. This presentation is followed by suggestions for starting a security metrics program within an organization and a discussion of the feasibility of an intelligent security dashboard driven by metrics. The chapter concludes with a literature review that summarizes security ...

Get Computer and Information Security Handbook, 3rd Edition now with the O’Reilly learning platform.
