Understanding the Organization’s Approach to Cyber Threats
The scope of cybersecurity varies across organizations. Some define it narrowly, restricting cybersecurity to Internet-related activities; others include all forms of information and technology risk. From an audit governance perspective, technology audits have evolved from the “all-in-one” general controls review to a more specific and nuanced approach that divides cybersecurity concerns into multiple audits or limited reviews. This approach allows organizations to target evolving threats and emerging risks, which could lead to more effective identification of the more severe exposures.
The key for audit committee members is to ensure that they have a current and complete understanding of the cybersecurity threat landscape, and that they use that knowledge to help management and auditors navigate their organizations around the pertinent business risks. Many opportunities exist for audit committee members to understand the evolving threat landscape better and provide ongoing commentary on it. Niche think tanks such as Gartner; academic cybersecurity research centers, including MIT and Carnegie…
