What we’re reading, week of 9/15

Posted: September 15, 2008 in Highlights

Last week, we pointed to a post from Andy, IT Guy, about the concept of “Failure of Investment” to measure security initiatives. As this idea has taken root and inspired some discussion among other bloggers, this week we’ll explore the reaction to Andy’s idea.

From Uncommon Sense Security…
FOI, Failure of Investment
Jack Daniel supports Andy’s FOI theory and offers some supporting evidence from his work with a variety of small to mid-sized companies.

From Security Provoked…
Failure-on-Investment a More Accurate Measure of Security?
Sara Peters, meanwhile, is a bit more skeptical. She argues that for some companies, there are more factors that stakeholders find important other than the technical success or failure of a security investment – savings due to meeting regulatory standards, for instance.

From Andy, IT Guy…
FOI in depth
Andy responds to the ongoing discussion and Sara’s challenges by reiterating that measures other than FOI are beside the point. Compliance is not its own reward, after all; it’s a means to an end – the end being actual protection of data. “Security for the sake of security is no security at all,” he says.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s