When Nothing is Better than Something

Any reasonable information security system consists of two fundamental components: (1) a risk assessment; & (2) controls that minimize those risks.  In this article I want to talk about the risk …