Monday, June 6, 2016

Cyber shift from banking to healthcare / education

Tripwire Inc. reports an increase in cyber attacks across nearly all major sectors except banking and finance, citing three trends/examples:

  1. The Anti-Phishing Report Group noted a 250% increase in phishing activity between October 2015 and March 2016, and nearly 300K unique phishing sites in Q1 2016 alone
  2. The UK’s Telegraph noted about an 80% drop in digital attacks
  3. The University of Calgary reported a digital state of emergency when a malware infection resulted in shutting down the university’s infrastructure just as it was hosting an international academic event for over 8000 participants.  A similar incident happened to MedStar, a healthcare provider.

So while banks are heavily investing in securing systems and infrastructure, cyber programs in other sectors may be a step behind in general, or less mature within Internal Audit departments, for example.  A few industry comments on where to begin, summarized from a LinkedIn post:
Approach:

  • Continuous (non-static) review; as important as the framework may be, the value of the output is key
  • Study the governance structure and IT framework, which will lead to a 2-4 year audit program/cycle

Major to-dos:

  • Map IT audit universe
  • Determine risk and gap assessment
  • Conduct risk assessment

Audit types listed: Operational, management, business risk, HR, financial, IT, incident, problem, backup, log, data center, outsourcing, application, 3rd-party management
And, prevalent topics offered: Access control (on/off-boarding), change management, anti-malware.
We'll update as more weigh in on the IA topic...
