Talk may be cheap, but the infosec price tag is not. It shouldn't come as a surprise that the infamous TCO (total cost of ownership) and ROI (return on investment) justifications have descended upon the unsuspecting troopers in the infosec trenches. Apparently, it's time for us security geeks to learn some new tricks.

Like many people active in the security community, I spend a good portion of my spare time frequenting a select group of public mailing lists. One of my longtime favorites is the SecurityFocus IDS list, primarily because my intrusion-detection coverage for Network Computing has left me with an unquenchable thirst for knowledge and because of the high caliber of contributing list members. Amid all the normal mailing-list noise is some truly insightful dialogue. For example, shortly after a debate on NIDS (network-based intrusion-detection system) testing erupted, a completely nontechnical question burst into our inboxes: What's the ROI on an IDS solution? You expect to hear about packet normalization and application evasion techniques on an IDS list, but ROI discussions? Certainly not.

The link for this article located at Network Computing is no longer available.