Are you wasting your security dollars again??
I frequently write about attaining and measuring value in security, but I have never come across such a systematic and to-the-point analysis as Richard Bejtlich’s TaoSecurity post. Here’s an excerpt:
Are you secure? Prove it. These five words form the core of my recent thinking on the digital security scene. Let me expand "secure" to mean the definition I provided in my first book: Security is the process of maintaining an acceptable level of perceived risk. I defined risk as the probability of suffering harm or loss. You could expand my five word question into are you operating a process that maintains an acceptable level of perceived risk?
Thanks to Hoff’s most excellent blog, Rational Survivability, for drawing my attention to it.