From RSA 2006: Scientist says metrics are a must
While measuring risk is challenging and may never be exact, companies can employ a common model that will guide them toward making proper IT security business decisions, an expert panel said today at the RSA Conference in San Jose.