KnowledgeLeader Blog

Managing Security and Privacy Risks is a Business Issue

Posted by Lark Scheierman on Sat, Feb 27, 2016 @ 10:27 AM

""Managing security and privacy for an organization is not an IT issue—it is a business issue requiring a comprehensive, risk-based approach to manage. Because of the risk and impact to the internal control environment, information security risk is an absolute must when outlining topics to address in the audit risk assessment and audit planning process.

The fact that managing security and privacy is a growing business issue was reflected in the popularity of our Manage Security and Privacy Risk and Control Matrix (RCM)

If you are a KnowledgeLeader subscriber but haven’t viewed this document just yet, take a minute to do so now. This RCM outlines risks and controls common to the "manage security and privacy" process. Sample risks include:

  • Inappropriate collection of personal data
  • Lack of monitoring and compliance with the company's policies and procedures
  • Inadequate safeguarding of IT infrastructure (servers, applications, internet protocol [IP], networks) can lead to phishing attacks, data loss and theft
  • Unauthorized access may be gained to important data, which could result in loss, misuse and theft in the company
  • Access is given to individuals so they can review and update their personal information

If you enjoyed this document, you can access other RCMs here as a KnowledgeLeader subscriber.

Topics: risk, security, privacy, RCM, KnowledgeLeader tools

Add a Comment:

Subscribe to Our Blog

About KnowledgeLeader

KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.

With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.

For more information:

 Tour the Site

Recent Posts

Posts by Topic

see all