Compliance and !nancial risk used to be the driving concerns for security and risk management. Audits and governance processes were predictable
events that IT attempted to minimize and automate. Risk was a fairly static concept.
However, today the pace of threats—“low and slow” as targeted attacks or lightning fast as cyberactivism and malware outbreaks—demands that executives and IT administrators pay more attention to unfolding events and make rapid
risk-based decisions on mitigation.
Of course, compliance and financial risk have become dynamic too. Consider that regulators independently re!ne more than 200 guidelines around the world as the surging economy reshapes business opportunity. That once static risk picture now fluctuates like a kaleidoscope.