Information security is the bedrock of any information risk-management system, and oil and gas companies are becoming more adept at minimizing risk by bolstering these systems across their organizations. Information technology (IT) is becoming such an important facet to these businesses and their disaster-recovery and business-continuity planning that the security issues now often spread to the upper echelons of many organizational charts, even to boards of directors and audit committees. In fact, the industry is seeing an increase in the number of executives in charge of company IT assets. Such arrangements play a powerful role in IT security and can result in strategically aligning IT-security issues with business objectives. Oil and gas companies should evaluate the following as global priorities when assessing information security:Integrating information security within the organizationExtending the impact of complianceManaging the risks of third-party relationshipsFocusing on privacy and personal-data protectionDesigning and building information security Some of the regulatory changes that have taken place over the last few years, particularly related to the Sarbanes-Oxley Act in the United States, have caused companies to move from a reactive to a more proactive mode. While many energy companies still would rather spend capital on commodity assets than on information assets, they are slowly shifting as they recognize that information security is a top business driver. IT security is becoming a part of the discussion in the context of a company's priorities. Whether those priorities include adding new acreage or adding rigs, E&P companies are leveraging technology more and more, and, as that technology is leveraged, the need for IT security rises. As Technology Is Leveraged, Risk Rises As companies grow through expansion or from mergers and acquisitions, computer networks can multiply and expand like cell division. Gradually adding bits and pieces to a network, especially when knowingly or unknowingly commingling sensitive data, increases risks and elevates the need for IT security. Not long ago, petroleum engineers, for example, examined geology assets in a back room, working safely within a secured computer network. Today, more and more of these professionals are performing such work on broader company networks, a move that saves companies money, but also elevates the possibility of data being compromised. The notion of E&P companies leveraging communications technologies is not new, but they are constantly breaking new ground where applications are concerned. Fiber-optic networks, for example, are commonplace, and energy companies are now investing billions of dollars to lay these systems in the Gulf of Mexico and at other offshore asset locations. They know that as they go out into deeper water, the fiber-optic network will offer better communications capabilities for current and future processing facilities and drilling activities.