Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attacks, damages or unauthorized access. Data breaches are occurring more frequently. There are increasing pressures for businesses to step up efforts to protect personal information and prevent breaches. Cybercriminals attack to gain political, military or economic advantage. They usually steal money or information that can eventually be monetized (e.g., social security numbers, credit history, credit cards, health records, etc.).
This document can be used as a guide for understanding internal audit’s role in an organization’s cybersecurity process.