Security is Golden My son used the word "beast" in a strange context a few weeks ago. When I asked, he said it meant "awesome". Later in the day I wondered, what is beast about security? In a business context, security protects assets, keeps secrets confidential and helps ensure availability of products and services. Business managers consider the expenses associated with security programs. That cost must be commensurate with risk to business objectives. In the end, companies are in the business of making money. Security managers must prove their programs and controls are necessary and cost efficient. With that in mind, I established a blog dedicated to validating Security Return on Investment (SROI): http://www.securityisgolden.com Typical posts contain security metrics, with references to reports, surveys and studies. To a lesser extent, I also post references to threat and compromise trends, large data compromises and information security resources. You can subscribe by e-mail or RSS feed. I hope you find this resource of use. Kind regards, Gideon Gideon T. Rasmussen CISSP, CISA, CISM, CIPP Charlotte, NC http://www.virtualcso.com http://www.securityisgolden.com http://www.infosecresources.com http://groups.yahoo.com/group/gideons-infosec-list Posted: Sat May 2, 2009 1:11 pm INFOSEC List: