BreachA risk-based approach is needed to protect critical informationJohn W. ThompsonApril 8, 2008What we need now is a fundamental shift in our approach to IT security -- one that takes an information-centric view of security.