Cybersecurity and the role of internal audit, an urgent call to action: The forces driving business growth and efficiency contribute to a broad attack surface for cyber assaults. How is the end user protected with good service while not being compromised?
- First Line includes internet, cloud, mobile, and social technologies, now mainstream, are platforms inherently oriented for sharing. Outsourcing, contracting, and remote workforces are shifting operational control.
- Second line includes information and technology risk management leaders who establish governance and oversight, monitor security operations, and take-action as needed, often under the direction of the chief information security officer (CISO)
- Third line of cyber defense—independent review of security measures and performance by the internal audit function. Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. At the same time, internal audit has a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.