ROI, FUD, Selling Security and Relevance

This whole thing started with MJR podcast #2, called "Codependence", continued with the squeals here :-) and then culminated in a thoughtful post here, followed by just-as-thoughtful comments.

One of them says: "Security may never be a clear vision to mgmt beyond compliance, negligence, and regulations [AC: kinda compliance as well ...]" and further "if there is no benefit to the company other than as an insurance role, there is really not much hope beyond a CYA approach."

Well, so? :-) That is actually a lot! If security is made mandatory, all this ROI hoopla will subside. FUD will be gone. Other good things will happen (and some bad), but I would really not consider that scenario to be that bad at all ...

