When discussing the effectiveness or maturity of a security program, budget is one of the criteria most often mentioned. Does it make sense to evaluate security in terms of budget? Further, is budget necessarily a good way to measure a security program? My thoughts on this topic are in my latest SecurityWeek piece entitled "Is Budget A Good Security Metric?": http://www.securityweek.com/budget-good-security-metric.