The realities of risk management are that risks are impossible to eliminate, resources are finite, and risk profiles are ever-changing. Such is the case with cyber threats. Cybersecurity attacks continue to be the focus of front-page media coverage and remain a highly relevant topic in the boardroom.

Cutting across strategy, risk management, change management and access control, information security is concerned with confidentiality, integrity and availability of information systems. This issue of Board Perspectives: Risk Oversight, articulates why it’s important to focus on protecting an organization’s most important information assets and systems, by understanding the changing threat landscape and preparing for the inevitable incidents.