Why risk management can succeed in IT

22.10.2012
This is a counterpoint to the Network World article "Why risk management fails in IT" by Richard Stiennon, chief research analyst at IT-Harvest.

Earlier this week Richard Stiennon published an article that questions the value of risk management in IT. I would argue that, although risk management presents challenges to IT, best practice-driven approaches leveraging aspects of risk management are essential to good .

Stiennon's perspective reflects the prevailing view in the media -- supported by valid industry statistics -- that IT security is losing the war against the bad guys. are front page news and companies are being fined millions of dollars for losing personal information. Given we have been fighting this battle for so long, we must have made some progress, right?

We can definitely say we have. The fact is, IT security is becoming more sophisticated. It is a journey and, while we have a way to go, there is definite progress toward repeatable, best practice-driven approaches that have been used in other aspects of risk management.