Foreword

From Kelvin’s “[W]hen you cannot express it in numbers, your knowledge is of a meagre and unsatisfactory kind” to Maxwell’s “To measure is to know” to Galbraith’s “Measurement motivates,” there is little need to argue here on behalf of numbers. Doubtless you would not now be holding this book if you didn’t have some faith in the proposition that security needs numbers.

But what kind of numbers? Ay, there’s the rub. We need numbers that tell a story and, which is more, say something that allows us to steer for where we are going, not just log from whence we have come. We have to acknowledge the central creed of the statistician: all numbers have bias; the question is whether you can correct for it. As security practitioners we have ...

Get Security Metrics: Replacing Fear, Uncertainty, and Doubt now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.