Defining Security Metrics
The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk: the notion that the future is more than a whim of the gods and that men and women are not passive before nature. Until human beings discovered a way across that boundary, the future was the mirror of the past or the murky domain of oracles and soothsayers who held a monopoly over knowledge of anticipated events.
—Peter Bernstein, Against the Gods: The Remarkable Story of Risk
Information security is in the first stages of the journey Bernstein describes as distinguishing the modern era.1 Since the dawn of modern computing, security has been left to computer security experts—chiefly technologists whose technical ...