The core competencies of information security groups—such as risk analysis, business continuity, incident response, and security controls—remain equally relevant as the scope of information-related risk expands to new areas like privacy and financial regulations. But rather than saying “no” to new initiatives, we need to figure out how to say “yes” and think creatively about how to manage the risk.
