What's the True Cost of Security?

There's something about economics that tends to act like the anti-coffee to most folks. Their eyes glaze over, the head starts to kinda bob back and forth, and before you know it they're snoring on the conference-room table. When it comes to security, we want to focus on the exciting, glamorous parts--the pen tests and intrusion prevention--while we ignore some of the things (like HR policies) that can have a huge overall impact. In this podcast, I talk with John Pironti of Unisys, who has spent a lot of time thinking about the economics of security. I was impressed because he's gone beyond the questions of cost (always the key to security business analysis) to talk about the issues of tangible economic benefit.

If you're still bruised from your last encounter with the budget committee, you'll want to spend some time listening to this podcast. This one goes a few minutes longer than our normal podcast, but I think the five extra minutes are well worth it. You can listen to the podcast here. After you do, drop me a note ([email protected]) to let me know whether you agree with the kind of analysis that John is applying to security.

If you you haven't already subscribed to the podcast, look over to the left, you'll find the link to subscribe to the Security Channel podcast. In addition, I'd like to ask a favor. Take a minute to drop me a note at [email protected], and let me know what you'd like to hear in future podcasts. A podcast can be short or long, serious or amusing, hands-on or quite strategic. Let me know what you'd like to listen to, and we'll do our best to make it happen.

The music in this podcast is "Bugeater" from the album Aeonblue by subatomicglue. They release their music under a Creative Commons license--if you like the sound, head over to their web site and check out the rest of their music.