Friday, December 26, 2014

Getting People to Care About Security

I was going to write a blog post on the topic of getting people to care about security.

My notes included covering:

  • Quantifying risk
  • Quantifying cost
  • Quantifying potential loss

A case study I wrote about the Target breach has some of that at the beginning, including the cost to the business itself, business leaders, the board, customers, business partners and banks.

http://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412

Given recent events, I think the world is starting to care. Sony was hacked by a foreign government. Movies were canceled. Kids' Christmases were spoiled. Just think if this were an actual war and more than movies and games were at stake....

I think the Sony breach exemplifies the need to take security seriously and the precipice on which we are teetering, because security is such an esoteric topic with many subtleties that people misunderstand - or whose consequences they can be fooled into underestimating. Not to mention the fact that many organizations are breached for periods averaging 11 months before they realize it, according to a recent data breach report.

Just went to see The Imitation Game. It's a great movie based on a true story - and one that those who tend to blow off the "crazy people" talking gibberish they don't understand might want to see, to consider what they might not know and why they should listen.