Introduction

If you like banging your head against the wall and having to fight for every security improvement in your environment, then your best bet is to force your organization to fix every risk that you uncover. If you would rather have at least a day or two of peace per year, then start reciting the mantra “prioritize, reduce, plan, and accept.” Even now, there remains a culture of close every gap and eliminate every risk within the information security industry. Hopefully, by the time you are finished reading this book, you will be converted to the religion of risk management ...