Why risk management fails in IT
It is frustrating to see the amount of budget allocated to compliance when you consider that most of the money goes to documenting security controls, not improving defenses. One of the biggest reasons is that risk management, a carry-over from the bigger world of business, does not work in IT security.
Story added 16 October 2012.