No ROI for Security or Legal

Last night I watched a Dateline NBC story about the fast food industry's defense against lawsuits alleging their products cause obesity. This reminded me that these corporate legal teams are similar to corporate security teams. No one is going to increase funding for their legal department and see improved productivity or higher profits. Yet, legal is still a necessary requirement for doing business -- especially for staying in business.

You may remember this earlier comment:

Marcus [Ranum] said "security ROI is dead" and "legislation has made security a cost." He predicted "we will be competing with legal for money (or working for them) in the next five to ten years." To hammer the point Marcus then said "there never was a security ROI."

I'd enjoy hearing how corporate lawyers justify their budgets.


Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4