Some experts say that security VARs and consultants aren't doing enough to help their clients formulate meaningful security metrics
. The argument is that the typical security metrics aren't business-focused enough (e.g., cost reduction), so most companies end up viewing security as just an overhead grudge purchase.
Do you think more can be done to make a positive business case for IT security? What advice would you give to help VARs and consultants make that case?
April 9, 2008 6:40 PM
July 21, 2008 4:56 AM