Solidly written and well present book for IT Professionals to convey the essentials and apply the practical framework of IT Security metrics to keep the eye on the ball in a quickly changing business and IT landscape. I loaned it to my team and other colleagues who gained a different appreciation of the value, effort and also individual responsibilities required to ensure an enterprises IT security.
It's a nice book for people that don't have a way to start identifing security. Usually the proplems that are listed on the book are caused by IT itself that don't understand the business and like to think they are the core of the company while they are just a middle manager area.
If IT manager accept that they are there to assist business decisions and help to identify risk and business continuity issues instead of just claiming for more Money and support, it will be much easier to achieve the good metric.