1. What you don’t know about IT Controls can cripple your business “ Yep, son, we have met the enemy and he is us.” - Pogo, 1971 Presented by: Bill Lisse , CISSP, GIAC PCI, GIAC HIPAA, SSCA, Security+ SME IT Audit Manager

2. “ Only 1 of 10 firms are leveraging Information Technology (IT) compliance (Controls)…that could help mitigate financial risk from lost or stolen data.” Source: ITpolicycompliance.com. IT Policy Compliance Group. “Why Compliance Pays: Reputations and Revenues at Risk,” July 2007 Leading Organizations 1 of 10 are well-positioned Normative Organization 7 out of 10 could substantially reduce financial risk Lagging Organizations 2 out of 10 have the most to gain Why should business leaders care?

3. Leaders versus Laggards Leaders have the fewest business disruptions – only two or fewer disruptions annually Laggards experience 17 disruptions or more per year Leaders have 2 or fewer data losses or thefts per year Laggards have 22 or more data losses per year

4. Financial Risks - An 8 percent decline in market value of stock for publicly traded firms – some never recover - An 8 percent loss of customers - A temporary decline in revenue of 8 percent - Additional costs for litigation, notification, settlements, cleanup, restoration, and improvements averaging $100 per lost customer record ! Source: Oxford Executive Research Briefing, Impact of Catastrophes on Shareholder Value

5. Average Cost $1,662,720 This does not include potential civil litigation is class action lawsuits.