First and foremost, security must make business sense
Determining a return on investment isn't the only way to pitch a security project. Although it's true that hard metrics often trump passionate please, business drivers often trump numbers. Making good business decisions is the goal. Quantitative methods may provide useful input, but they're no substitute for careful reasoning about which security expenditures will help make your enterprise more successful overall.
By Jonathan Gossels at InformationWeek.
[ Read more ]