Though the personal preference of the securityofficer might be that virtual systems are not used, that securityofficer must recognize that there will always be risk associated with meeting the business objectives.
Yet another impediment to addressing the risk is the lack of wide authority vested in the role of chief information securityofficer, Robinson explained.