“If IT security departments want to truly meet the risks posed by today’s advanced threats, they need to get more scientific with how they develop their strategies. Because based on the breach statistics and malware infection rates, the old methods aren’t even close to adequate, security experts warn.”4 Reasons Why IT Security Needs Risk Management – Dark Reading.
Other good reads on Dark Reading
Companies should not trust vendors’ claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses.
There complete Black Hat USA coverage.