Tom Olzak

On Uncertain Security (#infosecblog)

In Risk Management, Security Management on April 3, 2010 at 14:25

On Uncertain Security is an excellent blog post about the uncertainty principle in risk management.

In general, risk management is an inexact science. We cannot reasonably eliminate all risk, nor can we promise management that our layers of controls will never fail. Setting proper expectations, inspecting what we expect, and practicing due diligence will get us as close as possible to the promised land of the secure network.