U.S. Nuclear Regulatory Commission, Washington, D.C., USA
"""Provides valuable directions on how measurement works and what goes into producing a useful metric. ! when faced with the necessity of developing a metrics program to measure the effectiveness of some aspect of your security efforts, this rather imposing tome is one I would recommend as a way to jumpstart your efforts. The master table in the introduction provides a quick guide to the particular section most relevant to the reader's need !"" -- Richard Austin, in IEEE Cipher, June 2007 ""... a useful reference for individuals who must meet the challenge of selecting good metrics."" --Cheryl Washington, Information Security Officer, California State University, in Educause Quarterly"