Sunday, April 22, 2007

New Security Metrics Book

In the nefarious world of security metrics, there aren't too many good references. Or should I say, none at all? It's all pretty much do-it-on-your-own and invent some numbers by hokus pokus.

Yes, ROI has been a popular benchmark for convincing skeptical CFOs and other C-level exectives of why they should invest in security. Supposedly, ROI provides a business case for something that most executives see as an expense and a hinderance.

I have to admit that even I fell under the ROI spell in this SearchCIO article last October.

But the recent release of Security Metrics by Andrew Jaquith now makes it that much easier to talk to the business side of the office. The book was released late last month by Addison-Wesley.

There's also an accompanying web site with a mailing list and other good stuff for metrics geeks.


Post a Comment

Links to this post:

Create a Link

<< Home