Read this week´s Richard Chambers blog ”When the SEC Speaks About Cybersecurity, We’d All Better Listen”.
This blog includes various links to materials covering several aspects of cybersecurity. One example of these materials is the IIA’s Global Technology Audit Guide (GTAG) ”Assessing Cybersecurity Risk”. According to this GTAG, internal audit plays a crucial role in assessing an organization’s cybersecurity risks by considering:
- Who has access to the organization’s most valuable information?
- Which assets are the likeliest targets for cyberattacks?
- Which systems would cause the most significant disruption if compromised?
- Which data, if obtained by unauthorized parties, would cause financial or competitive loss, legal ramifications, or reputational damage to the organization?
- Is management prepared to react timely if a cybersecurity incident occurs?