Another day, another security ROI blogwar.
- "Schneier on Security ROI": "It's a good idea in theory, but it's mostly bunk in practice." and "The term just doesn't make sense in this context."
- Richards adds to it: "Schneier Agrees: Security ROI is "Mostly Bunk""
- "Security ROI - The debate continues": "ROI ... reared its ugly head."
- "FOI, Failure of Investment": "Not that you asked, but IMHO: ROI and TCO are SWAG at best. And, they are rarely at their best." The secret weapon of ROI war - FOI - is thus unleashed!
- "Yet more evidence: your CISO needs an MBA" - a very good view of ROI as "comparison tool", nothing else.
- "Can you get ROI from reduced costs?" - a key missing piece for "ROI puzzle", so-called 'return in the form of savings' is finally (!?) clarified by Pete Lindstrom.
- This is also very relevant :-)
Overall, I love it when educated peoples' debate just falls waaaay down to the level of "I won't care what YOU call it as long as you don't care what I call it...." Yuck! :-)