Stories by Richard Stiennon, chief research analyst, IT-Harvest

  • Why risk management fails in IT

    It is frustrating to see the amount of budget allocated to compliance when you consider that most of the money goes to documenting security controls, not improving defenses. One of the biggest reasons is that risk management, a carry-over from the bigger world of business, does not work in IT security.