Dec 8, 2021
Organizations want their security investments to achieve intended results and drive significant positive ROI like any business function. For such clarity, how much security organizations need and how much they should pay must be calculated based on operations and technology costs, risks mitigated, and benefits realized. Also, explicit metrics must drive security effort evaluation, performance, and the required adjustments. So how can we move to such outcome-driven security?