is book was inspired by other experts in the ﬁeld, many of whom are cited in
the text. If you are truly serious about information security metrics, do check out
the references for the fascinating wealth of knowledge they contain. We are gen-
uinely grateful to all those who came before us and look forward to seeing the
PRAGMATIC approach being widely adopted and adapted.
On a basic note, Google’s free cloud-based collaborative working facilities made
actually writing the book much easier than more traditional approaches, especially
given the thousands of miles and several time zones separating us. We drafted the
book using Google Drive, and established a Google Groups forum to continue the
discussion with you (visit www.SecurityMetametrics.com for details).
We thank Rob Slade and Dan Swanson for their insightful feedback on early
drafts. Despite Krag and Gary constantly feeding oﬀ each other’s inspiration, your
gentle feedback and improvement suggestions encouraged us to look beyond the
conﬁnes of our little world.
Last but not least, we would particularly like to thank our other halves, Melody
and Deborah, whose constant love and support means the world to us. Ladies, this
book is for you too—the royalties at least.