I have been in several discussions recently where the idea of analyzing Information Security spend has been a topic. The ideas have either been wildly different, or have used a model that is difficult to understand and not replicable by…