Here is the latest in a continuing thread by two of my favorite security/risk bloggers. I really could not agree more with iang's conclusion, which I summarize as: security must be considered in the context of the business.
Here is my own little contribution to the security metrics conversation:
A teacher asks the class, 'If there are nine sheep in the pen and one jumps out, how many are left?'
A little girl says, 'None of them are left.'
The teacher shakes her head sadly and says, 'You don't understand arithmetic.'
The girl says, 'No, you don't understand sheep.'