Information Technology / Security & Auditing / Business Management
Other books on information security metrics discuss number theory and statistics in
academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security
Metrics: Applying Metametrics to Information Security breaks the mold. This is the
ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers easy-to-follow guidance for those strug-
gling with security metrics. Step by step, it clearly explains how to specify, develop,
use, and maintain an information security measurement system (a comprehensive suite of
metrics) to help:
•Security professionals systematically improve information security, demonstrate the
value they are adding, and gain management support for the things that need to be done
•Management address previously unsolvable problems rationally, making critical
decisions such as resource allocation and prioritization of security relative to other
business activities
•Stakeholders, both within and outside the organization, be assured that information
security is being competently managed.
The PRAGMATIC approach lets you hone in on your problem areas and identify the few
metrics that will generate real business value. The book:
•Helps you gure out exactly what needs to be measured, how to measure it, and most
importantly, why it needs to be measured
•Scores and ranks more than 150 candidate security metrics to demonstrate the value
of the PRAGMATIC method
•Highlights security metrics that are widely used and recommended, yet turn out
to be rather poor in practice
•Describes innovative and exible measurement approaches such as capability
maturity metrics with continuous scales
•Explains how to minimize both measurement and security risks using complementary
metrics for greater assurance in critical areas such as governance and compliance
In addition to its obvious utility in the information security realm, the PRAGMATIC
approach, introduced for the rst time in this book, has broader application across diverse
elds of management including nance, human resources, engineering, and production—in
fact any area that suffers a surplus of data but a decit of useful information.
View the authors’ website and blog at:
ISBN: 978-1-4398-8152-1
9 781439 881521
Preface by M. E. Kabay, PhD, CISSP-ISSMP
PRAGMATIC Security Metrics
to Information Security
W. Krag Brotby and Gary Hinson
Security Metrics
K13838 cvr mech.indd 1 11/12/12 9:00 AM

Get PRAGMATIC Security Metrics now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.