Security execs push for broader use of metrics
Measuring IT security risk and the effectiveness of corporate defences can be a difficult and somewhat imprecise task. But that shouldn’t be an excuse for not trying to gather such metrics, IT managers said at the annual RSA conference in San Jose, California.