A growing number of organizations have been the target of hacking attacks, or cyberattacks, in recent years.

Question:

A growing number of organizations have been the target of hacking attacks, or cyberattacks, in recent years. High-profile examples in the U.S. include Target Corp., Home Depot Inc., the Internal Revenue Service, and other government agencies such as the Office of Personnel Management. Companies and governments need to consider the risks of a cyberattack, and consider backup plans in the event a cyberattack results in a loss of hardware, software, or data. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a thought paper, COSO in the Cyber Age, to help organizations assess and mitigate risks associated with cybersecurity through the existing COSO Framework. Visit the COSO Web site (www.coso.org), and refer to the "Guidance" tab. Read the thought paper to answer the following questions:
Required
a. The COSO guidance acknowledges that "cyber risk is not something that can be avoided; instead it must be managed." Why is cyber risk unavoidable? Does this acknowledgement make it more or less difficult to address and mitigate cyber risk?
b. At the control environment level (the first of the five components of internal control), what should organizations do to address cyber risk?
c. The paper identifies five broad categories of cyberattack perpetrators and motivations. Briefly describe each group of perpetrators and their motivation.
d. What types of control activities are recommended to address cyber risks?
Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question

Auditing and Assurance services an integrated approach

ISBN: 978-0134065823

16th edition

Authors: Alvin A. Arens, Randal J. Elder, Mark S. Beasley, Chris E. Hogan

Question Posted: