Managing security and privacy for an organization is not an IT issue; it is a business issue that requires a comprehensive, risk-based approach. Because of its risk and impact to the internal control environment, information security risk is an absolute must among the topics to address in the audit risk assessment and audit planning process.
The fact that managing security and privacy is a growing business issue was reflected in the popularity of our Manage Security and Privacy Risk and Control Matrix (RCM).
If you are a KnowledgeLeader subscriber but haven’t viewed this document just yet, take a minute to do so now. This RCM outlines risks and controls common to the "manage security and privacy" process. Sample risks include:
- Inappropriate collection of personal data
- Lack of monitoring and compliance with the company's policies and procedures
- Inadequate safeguarding of IT infrastructure (servers, applications, internet protocol [IP], networks) can lead to phishing attacks, data loss and theft
- Unauthorized access may be gained to important data, which could result in loss, misuse and theft in the company
- Access is given to individuals so they can review and update their personal information