IT Examiner School

A New Reality

• The endpoint is the perimeter
• The user is the perimeter
• The business process is the perimeter
• The information is the perimeter

There is no perimeter

• Compliance ≠ security, like a firewall ≠ security
• It’s a resource and budget conflict, and it splits focus

Compliance may threaten security

• Security has grown well past the “do-it-yourself” days
• The rate of change and diversity of products make it difficult, if not impossible, to keep up

Technology without a strategy is chaos

IT/Cyber Risk is Business Risk

• IT can provide significant benefits to an enterprise, but it also involves risk
• Associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise
• Consists of IT-related events that could potentially impact the business
• IT creates challenges in meeting strategic goals and objectives and uncertainty in the pursuit of opportunities
• Almost every business decision requires management to balance risk and reward
• IT/Cyber risk is operational risk and should be treated like other key business risks
• Many executives tend to relegate IT risk to technical specialists outside the boardroom
