Author:
Bozkus Kahyaoglu Sezer, Caliyurt Kiymet
Abstract
Purpose
The purpose of this study is to analyze cybersecurity assurance approaches in order to determine the key issues and weaknesses from an internal audit and risk management perspective. Organizations increasingly rely on digital data to drive their growth, and they are interconnected with a multitude of stakeholders in a complex web.
Design/methodology/approach
In this paper, cybersecurity is defined, and a cybersecurity assurance model is explained based on the relevant literature. In addition, the role of internal auditing is introduced within this new business landscape. Finally, recommendations are made to provide best practices for stakeholders.
Findings
There are four major cyber-focused standards and frameworks in the current literature, namely, Control Objectives for Information and Related Technology, International Organization for Standardization, The American Institute of Certified Public Accountants and National Institute of Standards and Technology. In addition, many mechanisms currently in existence and operation support cybersecurity assurance to prevent major threats. These include risk assessment, risk treatment, risk management, security assurance and auditing.
Research limitations/implications
Cyber risk is not something that can be avoided; instead, it must be managed. Hence, it is very important to maintain formal documentation of the related cyber controls. Internal audit should be an integral part of the cybersecurity assurance process, as internal audit has a unique position to look across the organization. The contribution of internal audit also provides comfort to the Board and Audit Committee.
Practical implications
A model is introduced for how the internal audit and information security functions could work together to help organizations achieve a cost-effective level of information security. The key issues and approaches for becoming a trusted cybersecurity advisor are explained, and a sample cybersecurity awareness program checklist is provided in Appendix 1.
Social implications
Considering that cybersecurity threats grow in speed, complexity and impact, organizations are no longer satisfied with an answer to a question like “are we secure?”; instead, they need an answer to a question like “how can we give reasonable assurance that our business will be secure enough?”. In that respect, the role of internal audit is discussed based on the relevant literature and the current condition of the business environment.
Originality/value
A model is introduced for how the internal audit and information security functions could work together to help organizations achieve a cost-effective level of information security. The key issues and approaches for becoming a trusted cybersecurity advisor are explained, and a sample cybersecurity awareness program checklist is provided in Appendix 1.
Subject
Accounting; General Economics, Econometrics and Finance; General Business, Management and Accounting
Cited by: 44 articles.