
xi
Acknowledgments
Venturing into the murky waters of information security management metrics has
been a challenge that I would not have willingly undertaken without the support,
urging, and assistance of others. Special thanks go to Ray Kaplan, for his many
contributions, suggestions, and review, and to my wife Melody, for graciously
accepting my often obsessive work at strange hours of the night.
A debt of gratitude is also acknowledged to others who have supported this
effort giving their time to advising, reviewing, and commenting on this exposition,
including ISACA associates of notable competence, Bruce Wilkins, Gary Barnes,
a