The primary categories of Information Technology risk that have been identified by Enterprise Risk Management at McMaster University are Information Security and Technology risk. Information security risk relates to the principles of confidentiality and integrity of