Security metrics books

Dell security analyst Ben Knowles has reviewed and compared four information security metrics books:

• Andrew Jaquith's Security Metrics (aka "the Treefrog book"!)
• Caroline Wong's Security Metrics
• Lance Hayden's IT Security Metrics
• and ours, PRAGMATIC Security Metrics

Ben's comments are sound: while these books present differing perspectives and messages, all four have merit.  We discussed the first three books (and more) in the literature review in PRAGMATIC Security Metrics, and on SecurityMetametrics.com