Defining Security through Risk Management - Course Monster Blog APMG
If risk management is not taken into consideration when designing and implementing security procedures, the result is an impossible situation.
For example, duplicate or too many controls could result, which would be quite expensive. Additionally, you should concentrate on reporting to management the consequences of the controls rather than their