Effective risk mitigation: Internal audit and cyber security & privacy

The areas of risk identification and mitigation have exploded for organizations since the turn of the new millennium. With data becoming an organization’s most valuable asset, it has also become its most vulnerable. 

Cybercriminals are continually targeting potential weaknesses in your security stance. Cyber-attacks can culminate in an organization suffering costly or irreparable operational, financial and reputational damage.

As organizations move to digital to capitalize on new technologies and innovations to deliver business results, they also need to ensure that they build and maintain customer trust. Data privacy, the financial impacts of cyber breaches, and director and officer liability are increasingly important areas on which stakeholders and regulators demand transparency. Your audit committee should be up to date on when breaches have occurred, what’s trending, how they are being addressed and what management is doing about ineffective controls.

Internal audit is one of the few voices that is purposely positioned to go across the entire organization, and it is able to look at how the different parts work with each other and make sure the right information is getting to the right people.

– Internal Audit Magazine

Are your organization’s Cyber Security & Privacy policies and procedures meeting expectations? MNP’s National Cyber Security Leader, Danny Timmins, delves into the benefits of conducting an independent review of security measures and performance through internal audit.

Highlights include:

  • 6 principles Internal Auditors should live by
  • 6 steps to secure your business
  • Key questions Internal Audit should ask

Danny Timmins CISSP

Danny Timmins, CISSP, is MNP’s National Cyber Security Leader and a member of the firm’s Enterprise Risk Services team. Drawing on more than 20 years of experience, Danny is responsible for leading and mentoring an experienced, highly skilled cyber security team in the delivery of customized, client-focused cyber security managed services, product solutions and professional services.

Danny’s expertise includes working with executives and boards to assist with the development of prioritized and strategic cyber security strategies. By focusing on deliverables that fit clients’ unique business needs and objectives, he helps organizations improve awareness and reduce and manage overall cyber risk.

This article was originally published on The Institute of Internal Auditors’ website and is reproduced with permission.