The Fatal Flaw in IT Risk Management

The spate of high profile data breaches have, if nothing else, proven that organizations are managing risk poorly. Part of the blame for that lies in a fundamentally flawed way that companies gather risk data. With the growing use of GRC portals, there is a reliance on questionnaires and surveys to gather risk data. This approach is generating flawed data and subsequently flawed risk management.