PRAGMATIC Security Metrics was published by Auerbach (CRC Press) in January 2013.
If you would rather thumb through the book before parting with the readies, ask your local bookstore or library to stock it.
Alternatively, persuade your management to get the book for the corporate university, library or bookshelf ... or simply buy it yourself (and reclaim the expenses if you can!).
As to the business case for buying the book, can you afford not to improve your security metrics? If you struggle to justify the sixty-odd dollars it will take to revolutionize your understanding of the measurement and management of information security, metrics may be the least of your worries!