Risk management, policy, compliance and the rest of the 'boring' parts of where security collides with business, are all incapable of generating their own atomic metrics of results. Speaking to security analyst Conrad Constantine, he said that these areas are “just conjecture”, as formalised security monitoring and response can generate detailed metrics for all these processes. He said: “Do you have a security policy? Are you monitoring for violations of that policy in...
Read more