Technology managers trying to justify and prioritize IT security spending are searching for some way to quantify the risk management benefits. But a lack of standard processes and the wide variability of factors that affect risk are making it hard for companies to collect such metrics, users said last week at a conference here organized by Gartner Inc. “There is an increasing focus on measuring security effectiveness,” said Carl Cammarata, chief information security officer at automobile association AAA Michigan in Dearborn. Companies are realizing that “you can’t manage what you can’t measure.” Driving the trend is the fact that security budgets have been rising by 20% annually over the past couple of years, said Richard Hunter, an analyst at Stamford, Conn.-based Gartner. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.