Cybersecurity and the AICPA Cybersecurity Attestation Project
|
|
- Irma Hunter
- 7 years ago
- Views:
Transcription
1 Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive Director EY Chair AICPA Trust Information Integrity Task Force 2 October 2015
2 Increasing awareness of cybersecurity exposure for business and other entities Increased dependence on interconnected IT Transaction processing Increased value of information Acceptance of proof of identify in electronic form Cyber attacks have become more organized, profitable and persistent Cybersecurity has evolved into a critical business issue Page 2
3 Effective cybersecurity programs are now a necessity for most entities Goal of cybersecurity Supports integrity of system processing and the information stored on systems, including, but not limited to, systems and information significant to financial reporting Helps ensure systems and information are available when needed Reduces the risk of compromise of confidential information, including: Confidential personal information addressed by privacy laws and regulations Intellectual property and proprietary business data Page 3
4 Functions potentially involved in a cybersecurity program Board/those charged with governance CEO Senior management Risk management and compliance General counsel CFO/finance COO/operations CIO IT security Privacy office Others Page 4
5 Information regarding cybersecurity at an entity is needed Decision-makers include: Those charged with governance Investors Customers Business partners Regulators The information needed is mostly unique from what is needed for financial reporting purposes Page 5
6 Two distinct needs for cybersecurity information As it relates to financial reporting of entities: Impact of business risks on financial audit Impact of cybersecurity incidents on an entity s financial position and results As it relates to the business operations and compliance of entities: Evaluation of users risks Evaluation of the impact of entity s operations on users operations Page 6
7 AICPA/CAQ response Response of the profession in the US: Center for Audit Quality has been leading a discussion on the effect of cybersecurity on financial audits Separate and distinct from the AICPA cybersecurity attestation project Communication to firms AICPA has initiated a project to develop subject matter and attestation guidance for reporting on cybersecurity as it relates to the operations and compliance of an entity Page 7
8 Timeline of AICPA IT security auditing 1995: BS 7799 Predecessor of ISO 27001/ : BS 7799 adopted as ISO : Federal Information Security Management Act SysTrust Principles & criteria for systems reliability 2011 Trust Services Principles & Criteria SOC 2 Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy SSAE 16 Reporting on Controls at a Service Organization SAS 70 Service Organizations SAS 44 Special-Purpose Reports on Internal Accounting Control at Service Organizations WebTrust Principles & criteria for electronic commerce SAS 3 The Effects of EDP on the Auditor s Study and Evaluation of Internal Control Page 8
9 Current state of security attestation Trust services principles and criteria Updated 2014 Currently under revision for privacy criteria rewrite May be updated as a result of cybersecurity project Service organization reporting Principles Security Availability Processing Integrity Confidentiality Privacy Two different reports SOC 2 SOC 3 Page 9
10 CAQ communications to firms Auditor responsibilities Identifying and assessing the risk of material misstatement Understanding the nature of the entity and its environment Understanding the effect of IT on financial reporting and ICFR Consideration of financial statement misstatement risk Assessing the impact of any breaches on financial reporting and ICFR Page 10
11 Internal control and cybersecurity at an entity Objectives of internal control Components Control environment Risk assessment Information and communications Control activities Operations Security Change Management Entity level Division Operating unit Function System Monitoring activities Security controls addressed as part of a financial audit Page 11
12 AICPA cybersecurity attestation project Working group under the Assurance Services Executive Committee Support from the CAQ Member firm support Outreach to users and industry as the project develops Page 12
13 Existing security frameworks Many different security frameworks exist: Management frameworks establish defined processes for managing security ISO NIST Cybersecurity Framework for Critical Infrastructure Control frameworks establish guidance in implementing specific controls to address identified risks ISO and related NIST Special Publications (e.g., NIST SP ) The trust services principles and criteria are a reporting framework used to evaluate the results of management processes and the controls they implement. Page 13
14 AICPA cybersecurity attestation project Goal Identify the information needed by users for decision-making Develop cybersecurity information subject to engagement Identify suitable criteria for evaluating the subject matter Develop practitioner guidance Page 14
15 Key considerations for practitioners Cybersecurity is a business issue with financial statement implications, affecting customers, business partners, investors and the public. Entities of all sizes and in all industries are affected. Practitioners need to be able to support stakeholders by: Assessing the impact of a cybersecurity incident on financial statements Providing independent assessments of cybersecurity risk management to concerned stakeholders Providing an independent perspective regarding the entity s cybersecurity risks and risk management program to those charged with governance and senior management Page 15
16 Cybersecurity report conceptual structure Management will provide useful information based on established criteria. Management will assert to the fairness of presentation of the information and the design and operating effectiveness of the controls related to cybersecurity. We are currently in the early stages of development. Page 16
17 Page 17 Questions?
18 Contact information Chris Halterman EY 801 Grand Ave., Suite 3000 Des Moines, Iowa USA Page 18
19 EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US Ernst & Young LLP. All Rights Reserved. BSC No This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither Ernst & Young LLP nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.
Update on AICPA Assurance Services Executive Committee Activities
Update on AICPA Assurance Services Executive Committee Activities Amy Pawlicki Director Business Reporting, Assurance & Advisory Services and XBRL AICPA Agenda ASEC overview Summary of work streams by
More informationEPCS Third party audits the CPA perspective. 13 September 2012
EPCS Third party audits the CPA perspective 13 September 2012 Agenda Introduction History Report review Audit process Moving forward Introduction 1311.300 Application provider requirements Third-party
More informationService Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationFeeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770
Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com SAS 70 Background 2 SAS No. 70 Reports on the Processing of Transactions by Service Organizations Independent examination
More informationSERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports
SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports SAS No. 70, Service Organizations Standard for reporting on a service organization s controls affecting user entities financial statements
More informationFAQs New Service Organization Standards and Implementation Guidance
FAQs New Service Organization Standards and Implementation Guidance During the past two years several significant changes have occurred in audit and attest standards for reporting on controls at service
More informationSAS No. 70, Service Organizations
SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing
More informationProtecting your brand in the cloud Transparency and trust through enhanced reporting
Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business
More informationShared Service System Audits: What User Management and Auditors Need to Know
Shared Service System Audits: What User Management and Auditors Need to Know JFMIP May 2014 Presented by: Robert Dacey GAO Session Objectives Properly using SSAE 16 service organization audit reports Revisions
More informationService Organization Controls. Managing Risks by Obtaining a Service Auditor s Report
Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA, CITP, Partner at RubinBrown, LLP Janis Parthun, CPA, CITP, Sr. Technical Manager
More informationFarewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting
Farewell to SAS 70 What you need to know about the New Standard for Service Organization Reporting ADVISORY rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative
More informationCybersecurity. Considerations for the audit committee
Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationAt a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.
At a glance While there are some differences, SAS 70 and SSAE 16 are substantially the same. SAS 70 is an audit standard while SSAE 16 is an attest standard. Out with the old SAS 70 and in with the new
More informationValue from Big Data really?
Value from Big Data really? DAMA SA Chapter Meeting: Johannesburg 24 June 2014 Let s talk about Big Data! Page 2 Is Digital Transformation really happening? 1993 2013 Page 3 But before we do that; where
More informationReports on Service Organizations Where we ve been?
Reports on Service Organizations Where we ve been? What s changing? How does this impact Internal Audit? Eric Wright Shareholder Frank Dezort Senior Manager Schneider Downs & Co., Inc. May 2, 2011 Overview
More informationService Organization Control (SOC) Reports
Service Organization Control (SOC) Reports Transitioning from SAS 70 to SSAE 16 Deloitte & Touche LLP Agenda Overview SAS 70/SSAE 16 Historical Perspective The New Framework Under SSAE 16 (SOC 1) Impact
More informationG24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP
G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the
More informationSECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
More informationThe Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011
The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 Table of Contents A Short History of SAS 70 Overview of SSAE 16 and ISAE 3402
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More informationCSA Position Paper on AICPA Service Organization Control Reports
CSA Position Paper on AICPA Service Organization Control Reports February 2013 2013, Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link
More informationHot Topics in IT. CUAV Conference May 2012
Hot Topics in IT CUAV Conference May 2012 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
More informationMonitoring Outside Service Providers, Part III: SAS 70 Updates
Monitoring Outside Service Providers, Part III: SAS 70 Updates Richard F. Fischer, CPA Louis Plung & Company, LLP richard.fischer@louisplung.com 412-281-8771 CHANGES TO SAS 70 SERVICE ORGANIZATIONS: Statement
More informationSSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards
A Member of OneBeacon Insurance Group SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards Author: Jack Fletcher, Risk Control Technology Specialist Published: November 2014 Executive
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationSSAE 16 Everything You Wanted To Know But Are Afraid To Ask. Kurt Hagerman CISA, CISSP, QSA Managing Director, Coalfire December 8, 2011
SSAE 16 Everything You Wanted To Know But Are Afraid To Ask Kurt Hagerman CISA, CISSP, QSA Managing Director, Coalfire December 8, 2011 1 Agenda SAS 70 Misunderstood and Overused o Why the change? SSAE
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationService Organization Controls. Managing Risks by Obtaining a Service Auditor s Report
Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA/CITP, Partner at RubinBrown, LLP Janis Parthun, CPA/CITP, Sr. Technical Manager
More informationClosing the gap. 2014 Wealth Management Survey
Closing the gap 2014 Wealth Management Survey Contents Foreword 02 03 05 13 19 27 35 37 Closing the gap: 2014 Wealth Management Survey 1 Foreword 1. Clients and advisors both cite holistic goal planning
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2014 through September 30, 2015 Independent SOC 3 Report for the Security and Availability Trust
More informationCloud Computing Risk Assessment
Cloud Computing Risk Assessment A Case Study Sailesh Gadia, CISA, ACA, CPA, CIPP, is a director/senior manager at KPMG s advisory practice in Minneapolis, Minnesota, USA. He has an extensive background
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationRisk appetite as a dynamic management tool
Risk appetite as a dynamic management tool Background The topic of risk appetite is at the centre of attention currently. There are various reasons for this: the financial crisis, which has made it clear
More informationImpact of New Internal Control Frameworks
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
More information12/11/15. Evolving Cybersecurity Risks. Agenda. The current cyber risk landscape Overview. Results on EY s Global Information Security Survey
Evolving Cybersecurity Risks Results on EY s Global Information Security Survey Agenda Market insights: What are we seeing? Factoring cybersecurity into your planning and risk appetite Marketplace response
More informationTHE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT
THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT White Paper www.a3freightpayment.com THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT Introduction An essential element
More information2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More information2012 Deloitte-NASCIO Cybersecurity Study State Officials Questionnaire - Aggregate Results (NASACT)
2012 Deloitte-NASCIO Cybersecurity Study State Officials Questionnaire - Aggregate Results (NASACT) November, 2012 Note: This document has been produced for the sole use of National Association of State
More informationIAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know
IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know Moderator: Elaine Wolff, Partner Corporate Finance and Securities Practice, Jenner & Block Mary Ellen
More informationRelationships that bring possibilities to life. The EY internship program
Relationships that bring possibilities to life The EY internship program Learn more Do more Grow more The EY International Intern Leadership Conference (IILC) Explore, engage, initiate! The IILC is full
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationDON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationSOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationFrequently asked questions: SOC 2 and 3
1. Is the licensing requirement for a SOC 2 or 3 different than for a SOC 1? SOC reports are attestation reports issued in accordance with AICPA standards. Therefore, licensing requirements are the same
More informationThe Importance of IT Controls to Sarbanes-Oxley Compliance
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
More informationService Organization Control (SOC) reports What are they?
Service Organization Control (SOC) reports What are they? Jeff Cook, CPA, CITP, CIPT, CISA June 2015 Introduction Service Organization Control (SOC) reports are on the rise in the IT assurance and compliance
More informationInformation for Management of a Service Organization
Information for Management of a Service Organization Copyright 2011 American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure
More informationPerspectives on Cybersecurity and Its Legal Implications
Survey Results 2015 Perspectives on Cybersecurity and Its Legal Implications a 2015 survey of corporate executives The National Institute of Standards and Technology (NIST), a non-regulatory agency of
More informationFEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05. Cyber Risk Management Guidance. Purpose
FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05 Cyber Risk Management Guidance Purpose This advisory bulletin provides Federal Housing Finance Agency (FHFA) guidance on cyber risk management.
More informationDodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare
Dodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare Strengthening Cybersecurity Defenders #ISC2Congress Healthcare and Security "Information Security is simply a personal
More informationCustomer-Facing Information Security Policy
Customer-Facing Information Security Policy Global Security Office (GSO) Version 2.6 Last Updated: 03/23/2015 Symantec Corporation Table of Contents Compliance Framework... 1 High-Level Information Security
More informationConnecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm
Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:
More informationLexisNexis Emerging Issues Analysis
2012 Emerging Issues 6204 Research Solutions February 2012 Click here for more Emerging Issues Analyses related to this Area of Law. On October 13, 2011, the Division of Corporate Finance of the Securities
More informationUnderstanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016
Understanding SOC Reports for Effective Vendor Management Jason T. Clinton January 26, 2016 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2012 Wolf & Company, P.C. Before we
More informationAbout the Presenter. Presentation Objectives. SaaS / Cloud Computing Risk Management AICPA Attest Alternatives
SaaS / Cloud Computing Risk Management AICPA Attest Alternatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationBaker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Agenda 1) A brief perspective on where SOC 3 originated
More informationHow To Be Prepared For A Cybercrime
Cybersecurity and the Internet of Things June 2015 What is the Internet of Things? Agenda What is the Internet of Things?..2 The many and various benefits of IoT...7 The rise of the cyber threat..13 The
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationISO27032 Guidelines for Cyber Security
ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance
More informationService Organization Control Reports
SAS 70 ENDS EXIT TO SSAE 16 Service Organization Control Reports What Did We Learn from Year One? Agenda Definitions Service Organization Reports What are they? Year One Experiences SSAE 16 Year One Experiences
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationUsing the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6
to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized
More informationCopyright 2015, American Institute of Certified Public Accountants, Inc. All Rights Re... STATEMENT ON STANDARDS FOR CONSULTING SERVICES
Page 1 of 7 Consulting Services CS Section STATEMENT ON STANDARDS FOR CONSULTING SERVICES Statements on Standards for Consulting Services are issued by the AICPA Management Consulting Services Executive
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More information(or required) to sign up for managed care programs. Depending on the state, Medicaid managed care may be voluntary or mandatory.
HEALTH CARE INSIDER VOLUME 5 :: ISSUE 3 In This Issue: Medicaid Managed Care Continues To Expand Across The US Health Care Cyber Threats And Data Security Medicaid Managed Care Continues To Expand Across
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationResponses: Only a 0% Only b 100% Both a and b 0% Neither a nor b 0%
The Cyber Security Council has requested basic "state of the state" cyber security information from each member firm of the Association. While the information that was requested in the survey questionnaire
More informationChanging Legal Landscape in Cybersecurity: Implications for Business
Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics
More informationTestimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
More informationC DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP
C DIG CSCSS / DEFENCE INTELLIGENCE GROUP COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE C DIG CSCSS / DEFENCE INTELLIGENCE GROUP
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationExercising Your Enterprise Cyber Response Crisis Management Capabilities
Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.
More informationCybersecurity Credentials Collaborative (C3) cybersecuritycc.org
Cybersecurity Credentials Collaborative (C3) cybersecuritycc.org October 2015 Collaboration Members Certification Matters The Cybersecurity Credentials Collaborative (C3) was formed in 2011 to provide
More informationEffectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationSOC Readiness Assessments. SOC Report - Type 1. SOC Report - Type 2. Building Trust and Confidence in Third-Party Relationships
Building Trust and Confidence in Third-Party Relationships Today s businesses rely heavily on outsourcing certain business tasks or functions to service organizations, even those that are core to their
More informationGoodbye, SAS 70! Hello, SSAE 16!
Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70
More informationprovide funding as an incentive to
HEALTH CARE INSIDER VOLUME 6 :: ISSUE 1 In This Issue: Electronic Health Records Benefits And Concerns ELECTRONIC HEALTH RECORDS BENEFITS AND CONCERNS INTRODUCTION As the new year begins, the health care
More informationStates at Risk: Cyber Threat Sophistication, Inadequate Budget and Talent
SESSION ID: PNG-R04 States at Risk: Cyber Threat Sophistication, Inadequate Budget and Talent MODERATOR: Christopher Ipsen CIO Nevada Desert Research Institute PANELISTS: Tim Hastings Chief Information
More informationThird party assurance services
TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent
More informationSecurity and Privacy Trends 2014
2014 Agenda Today s cyber threats 3 You could be under cyber attack now! Improve 6 Awareness of cyber threats propels improvements Expand 11 Leading practices to combat cyber threats Innovate 20 To survive,
More informationASSESSMENT REPORT 13 19. Federal PKI Compliance Report September 6, 2013
ASSESSMENT REPORT 13 19 Federal PKI Compliance Report September 6, 2013 Date September 6, 2013 To Chief Information Officer From Inspector General Subject Assessment Report Federal PKI Compliance Report
More informationAlternative Investment Fund Managers Directive. What does this mean for your business?
Alternative Investment Fund Managers Directive What does this mean for your business? Background to the Alternative Investment Fund Managers Directive (AIFMD) The Alternative Investment Fund Managers (AIFM)
More informationWhich Describes Your Cybersecurity Program Eager Beaver or Deer in Headlights? October 29, 2015
Which Describes Your Cybersecurity Program Eager Beaver or Deer in Headlights? October 29, 2015 What you will learn. How to apply the results from The Office of Compliance Inspections and Examinations
More informationLeveraging Regulatory Compliance to Improve Cyber Security
Leveraging Regulatory Compliance to Improve Cyber Security Leveraging Regulatory Compliance to Improve Cyber Security Brian Irish, Cyber Security Assurance Manager Salt River Project LEVERAGING REGULATORY
More informationCYBER SECURITY FOUNDATION - OUTLINE
CYBER SECURITY FOUNDATION - OUTLINE Cyber security - Foundation - Outline Document Administration Copyright: QT&C Group Ltd, 2014 Document version: 0.2 Author: N R Landman (MD and Principal Consultant)
More information9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania
Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of
More information