Alex Hutton is a big fan of trying to understand security and risk through metrics and models.

Currently, Alex Hutton is a Director of Operational Risk Management for a financial institution in the United States. Included in his responsibilities are both information risk management and vendor management. In his past life he worked for the Verizon Business RISK Team. The Verizon RISK Team builds and hones the risk models for Cybertrust services, produces the Verizon Data Breach Investigation, the Verizon's PCI Compliance report, and is responsible for the VERIS data collection and analysis efforts. 

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum.

Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).

Contributing chapters 

Risk assessment rules the game. Use best methods for best results!
Security risks are everywhere!