Data is increasingly getting digitized and the internet is being used to save, access and retrieve vital information. Protecting this information is no longer just a priority—it has become a necessity for most companies and government agencies around the world. Cybersecurity refers to the business functions and technology tools used to protect information assets.
This guide includes: (1) The definition of cybersecurity, types of threats, methods of penetration and security measures, (2) Internal audit's role in cybersecurity, selecting a control framework, cyber risk identification and assessment, and cyber risk management, and (3) 10 steps internal audit can take as the 3rd line of defense, and (4) How internal audit can contribute to the five key components crucial to cyber preparedness.
These five key components include: protection, detection, business continuity, crisis management/communications and continuous improvement.