Today, an Information Technology (IT) Manager (or CIO) in even Small-to-Medium businesses (SMB) often must oversee networks of 100’s of systems, components, and resources (e.g., people). Every item (asset) has its own expense-to-the-company profile from sorting out the Return on Investment (ROI) to understanding the Total Cost of Ownership (TCO) over however many years the asset will be employed in the total infrastructure. And the color of money factors in also; some things can be paid for from CapEX (capital expense funds) and others paid for from OpEX (operational expense funds). Normally money cannot move between categories, therefore both budgets must be managed. All of these calculations and presumptions must roll up together to allow for projecting the total IT Budget. Miscalculate or underestimate one cost, and some other needed asset goes un-purchased, or unsupported, or a person let go.
A first cut at itemizing the many factors and considerations for pricing out system scanning for software and then patching software as required to maintain a level of security was released on July 27, 2009. The Version 1.0 model, an ongoing effort from the Quant Project begun in late 2008, provides a bridging between hard number expenses while beginning to address the myriads of factors that can be combined for any given circumstance. More so, the model is crafted to provide the needed flexibility of adding or ignoring factors for an individual circumstance allowing it to be readily customized for a broad variety of analyses even beyond its original purpose of patch configuration management.
