Have all high-risk technology systems been identified?

Utilize a basic IT risk assessment and focus your resources on high-risk areas to help you evaluate your security control efforts.