Today’s information security project manager faces the same dilemma that many engineers have learned to deal with over the decades – how to deal with incomplete information. Rigid time-lines do not allow for much flexibility when the information sought to complete designs or implement solutions is not available. Given the management concerns and compliance reluctance…