Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk. Read more