As Internet-based businesses build and scale their operations, the need to protect their user's information and their own IT infrastructure becomes increasingly important. Information security is a big concern as recent high profile breaches at leading internet companies have demonstrated, and many Internet-based businesses see the value of using technology to build and sustain robust information security and IT risk management programs that protect them from emerging cyber threats.

The challenge of enterprise risk management programs for many organizations has always been how to quantify "value" and effectively harness data across the enterprise. Risk management consultants believe there is now a solution in emerging data mining and analytic modelling technology that effectively turns "data" into true risk intelligence.

What to do: Be curious, ask questions about how risk is measured, educate yourself and your teams, and reflect back to your stakeholders on how IT components figure into the risk equation.

An effective governance, risk and compliance platform is difficult to implement, but the potential return on investment - in the form of tangible business value and reduced costs - is huge.

For many CIOs and IT managers, the benefits of moving to the cloud—increased efficiency, reduced cost, excellent scalability, pay-as-you-go pricing, the latest technology without the capital expense—are offset by concerns about security and service quality.

Risk analysis.....risk assessment.....compliance assessment. Are these concepts as confusing to you as they are for most IT professionals?

This guidance provides the Division of Corporation Finance's views regarding disclosure obligations relating to cyber security risks and cyber incidents. The statements in this CF Disclosure Guidance represent the views of the Division of Corporation Finance. This guidance is not a rule, regulation, or statement of the Securities and Exchange Commission.