"Provides valuable directions on how measurement works and what goes into producing a useful metric. … when faced with the necessity of developing a metrics program to measure the effectiveness of some aspect of your security efforts, this rather imposing tome is one I would recommend as a way to jumpstart your efforts. The master table in the introduction provides a quick guide to the particular section most relevant to the reader’s need …” — Richard Austin, in IEEE Cipher, June 2007"... a useful reference for individuals who must meet the challenge of selecting good metrics."—Cheryl Washington, Information Security Officer, California State University, in Educause Quarterly