It’s all too often that front page news includes a report of a high-profile cyber security breach. No organization is immune to the threat of a cyber-attack. As stewards of a company’s assets, CFOs and Controllers need to work with their Information Security counterparts to identify and mitigate the risks associated with protecting data. This course starts by differentiating information security, cyber security, and network security and reviewing SOX requirements about internal controls over data. This course connects the dots between Enterprise Risk Management and InfoSec Risk Management. We will review the importance of addressing cyber risk and the financial impact of a cyber-attack and discuss four strategies an organization uses to mitigate cyber risk.