2023 IT Examiner School
A New Reality
• The endpoint is the perimeter • The user is the perimeter • The business process is the perimeter • The information is the perimeter There is no perimeter
• Compliance ≠ security, like a firewall ≠ security • It’s a resource and budget conflict, and it splits focus Compliance may threaten security
• Security has grown well past the “do-it-yourself” days • The rate of change and diversity of products makes it difficult, if not impossible, to keep up Technology without a strategy is chaos
IT/Cyber Risk is Business Risks Review • IT can provide significant benefits to an enterprise, but it also involves risk • Associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise • Consists of IT-related events that could potentially impact the business • IT creates challenges in meeting strategic goals and objectives and uncertainty in the pursuit of opportunities • Almost every business decision requires management to balance risk and reward • IT/Cyber risk is operational risk and should be treated like other key business risks • Many executives tend to relegate IT risk to technical specialists outside the boardroom
Made with FlippingBook - Share PDF online