Praise for IT Security Metrics
“I think that one reason security metrics is so hard is because there is no single recipe for success. It is not just about the math. It is about understanding what knowledge you seek and how quantitative analysis can help. To create a successful and sustainable metrics program, you must start with a well-reasoned framework. Lance’s book begins by presenting one. He then enriches the theory with practical case studies that illustrate how you can incorporate the framework into your own context. This treatment has something new to say to security measurement veterans and beginners alike.”
—Elizabeth A. Nichols, Ph.D., PlexLogic, LLC
“The author provides a timely and practical overview of information security management ...