IIA Canada National Conference - September 14 - 16, 2020

Managing Cyber Security Risk Through Effective Audit Programs

Day 2 - Concurrent Session 6 - Track 5
15 Sep 2020
14:45 - 15:35
Day 2 - Concurrent Session 6 - Track 5

Managing Cyber Security Risk Through Effective Audit Programs

Level: Basic

In today’s business world, as organizations expand and grow their operations by leveraging information through technological tools and operations, it increases their visibility and in turn their exposure to cyber security threats at a global scope.  Every day businesses have their data compromised through various different threats. It is no longer “If” but rather “When“ will the data be compromised. The complexity of the connected environments as well as the growing sophistication and rapidly evolving threats make these attacks and managing the cyber security risk a significant challenge to ensure an effective governance structure. In turn these risks could lead to issues such as reputational, financial or legal just to name a few.

Therefore, the internal audit teams need to work as a value-added partner of the business to rapidly adopt and respond to shifts in our cyber security risks and opportunities by providing more timely, accurate and complete information in order to facilitate achieving the overall mandate and direction for the organization. An effective cyber security audit approach based on the best practice guidance, is a means to help manage these risks by providing the stakeholders with the assurance that the established processes and controls are able to provide the required protection to ensure confidentiality, integrity and availability of the information from internal or external threats.

As a result, this session will link to the IT audit and cyber security conference topic by identifing from a practical perspective the relevant domains (governance, cyber risk assessment, application security, third party assurance, incident response, identify management, data security and privacy as well a physical security) that needs to be included as part of an effective cyber security assessment in order to ensure effective controls and processed in managing these risks..  This session will further provide a practical IT audit approach in managing the cyber security risks within each of the domains through an effective identification and assessment of the processes and controls within each of these domains

In this presentation, participants will be able to:

  • Understand cyber security evolution and challenges and linking the cyber security audit to the risk and control frameworks

  • learn from a practical perspective, a risk-based approach in auditing cyber security.

  • identify potential observations, their impact and practical recommendations in order to manage the cyber security risk.