WHAT THIS BOOK IS ABOUT
This book is about security metrics: how to quantify, classify, and measure information security operations in modern enterprise environments.
HOW THIS BOOK CAME TO BE
Every consultant worth his or her weight in receipts accumulates a small trove of metaphors, analogies, and witty expressions. These help explain or clarify those rarified things that consultants do and tend to lubricate the consulting process. Oh, and they also tend to be funny. One of my favorite bits—particularly relevant to the topic at hand—is this one:
No good deed goes unpunished.
This simply means that with any worthwhile endeavor come many unwitting (and often unwanted) consequences. So it is with the world of “security metrics.” As you ...