Managing security and privacy for an organization is not an IT issue—it is a business issue requiring a comprehensive, risk-based approach. Because of the risk and impact to the internal control environment, information security risk is an absolute must when outlining topics to address in the audit risk assessment and audit planning process.
In November 2013, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) will formally release long-anticipated updates to ISO/IEC 27001 and 27002. The last time these standards were updated was in 2005.
Throughout the year, Protiviti conducts research and publishes insightful thought leadership on a broad range of issues affecting publicly held companies, ranging from today’s top risks to internal audit, SOX compliance, and IT security and privacy. Protiviti also regularly addresses key market developments, such as this year’s release by COSO of its new Internal Control – Integrated Framework.
I once read an article that stated that many people worry about accidental death, particularly in ways that are very frightening, like poisonous snakes or spiders, or even alligator attacks. This same article noted that based on official death statistics, the vast majority of people actually die from chronic health causes, including heart attacks, obesity and other ailments that result from poor attention to long-term personal fitness. In 2003, accidental deaths in the United States numbered around 100,000; chronic health-related deaths were more than 2.4 million.
No matter your industry or business model, privacy and security are going to be a top concern of your customers and stakeholders. Striking that balance between user experience, marketing viability and data sensitivity might be the most difficult task a company will face in 2013. In an effort to ensure privacy and data security, many companies will perform systematic IT audits. This allows the company to verify that proper controls are in place and also provide documentation of those controls for outside agencies.
If your company is doing a Privacy and Data Sensitivity Audit, get a head start on the reporting!