Rather simplistic. Qualative risk methods fail to cover the real costs and have an emotive component.

The ROI is further compromised as the value of a "good" audit vs a "good" pen.test is not considered.

Craig...

[ more ]  [ reply ]