Organizations are poorly prepared to protect themselves against cyberattacks.
In this issue, we offer a package of articles on the important topic of cybersecurity. As recent incidents such as Colonial Pipeline, JBS, and Kaseya demonstrate, cyberattacks aren’t slowing down. They are becoming more sophisticated and costly — and many organizations are poorly prepared to protect themselves.
The IIA recently released two Global Technology Audit Guides (GTAGs) that address internal audit’s role in helping protect their companies. Assessing Cybersecurity Risk: The Three Lines Model, released in late 2020, says auditors should assess:
- Who has access to the organization’s most valuable information?
- Which assets are most likely to be attacked?
- Which systems, if compromised, would cause the most significant disruption?
- Which data, if obtained in an attack, would cause financial or competitive loss, legal ramifications, or reputation damage?
