

Internal Audit’s Increasing Cyber Security Role
Common Internal Audit Cyber Risk Activities
1. Independently evaluate preventive and detective measures.
2. Evaluate IT assets of privileged access users.
3. Track remediation diligence.
4. Conduct cyber-risk assessments of service organizations, third parties, and suppliers.
Performing Cyber Risk Assessments
A. Characterize the system (process, function, or application)
B. Identify threats
C. Determine inherent risk & impact
D. Analyze the control environment
E. Determine a likelihood rating
F. Calculate your risk rating
G. Prioritize risks
H. Document results in a risk assessment report