The document provides references and resources for developing a security metrics program, including publications, standards, websites, and books. It lists security metrics guides and articles from Microsoft, ISO, ISSA, CSO Online, SearchSecurity.com, SearchFinancialSecurity.com, ISC2, and metrics toolkits from Unified Compliance Framework. All of the references aim to help organizations measure the effectiveness of their security programs and make data-driven decisions.