What to do: Be curious, ask questions about how risk is measured, educate yourself and your teams, and reflect back to your stakeholders on how IT components figure into the risk equation.

An effective governance, risk and compliance platform is difficult to implement, but the potential return on investment - in the form of tangible business value and reduced costs - is huge.

For many CIOs and IT managers, the benefits of moving to the cloud—increased efficiency, reduced cost, excellent scalability, pay-as-you-go pricing, the latest technology without the capital expense—are offset by concerns about security and service quality.

Risk analysis.....risk assessment.....compliance assessment. Are these concepts as confusing to you as they are for most IT professionals?

This guidance provides the Division of Corporation Finance's views regarding disclosure obligations relating to cyber security risks and cyber incidents. The statements in this CF Disclosure Guidance represent the views of the Division of Corporation Finance. This guidance is not a rule, regulation, or statement of the Securities and Exchange Commission.

Enabling a streamlined, automated, and collaborative approach to vendor risk management with MetricStream.

Introduction: Corporations often depend on hundreds of vendors to fulfill their business processes. Single sourcing puts institutions at risk by making them too dependent on one vendor. On the other hand, multiple sourcing dilutes vendor accountability, and makes vendor collaboration and coordination much more challenging.

Introduction: Information technology risk teams know well that the scope of IT risks can be very broad – ranging from technical security risk, to IT operations risk, through to operational risk and enterprise risk.