The risky six

Christophe BARDY - GRACES community
15/9/2023

Is the board of your organization under the impression that the organization is cyber resilient? On what is the impression based? Has the internal audit team assessed the organization's cyber resiliency?


Practitioners and researchers from The IIA and EY conducted extensive analysis to determine the root cause of how and why boards across all industries get a skewed picture of their organizations' ability to protect themselves against cyber-related risks with the requisite resiliency.


The team identified six key questions that, if unanswered or answered with a 'No', likely mean a disconnect exists:

1. Has the organization conducted a recent enterprise-wide cyber risk assessment?

2. Has the organization implemented a data governance program beyond basic classification?

3. Have cyber risks and responses been incorporated distinctly into the crisis management program?

4. Has the organization conducted a recent third-party and/or joint venture cyber risk assessment?

5. Is cybersecurity included in the audit plan and/or is internal audit being leveraged as a tool to help the organization assess the management of cyber risks?

6. Is the effectiveness of cyber controls measured and reported in a consistent, meaningful manner?

