In this more complex cyber-world, investors and regulators call for more
transparency relating to boards' oversight of cyber risks. Boards need to
appreciate the key issues around cyber security and adopt best-practice
approaches not only for cyber risk management but also for the purposes
of disclosure.
An increasing number of board and audit committee members are starting
to consider cyber security risks as part of the Enterprise-wide Risk
Management (ERM) process. Yet, in some organisations, the management
and oversight functions regard cyber risk as nothing more than just an
IT issue.
Numerous surveys quote cyber risks amongst boards' top risks; however, the
level of understanding of the implications of these risks to their organisation
- reputational, legal and supply chain risks - is not necessarily sufficient.
Baseline
Evolving
Intermediate
Advanced
Innovative
Create inventory of IT assets with their location
Incorporate IT security requirements and assurance in the agreements
Stakeholders: vendors, partners, legal, sourcing/purchasing, IT, compliance
With increasing cyber threats and the significant number of cyber breaches
during the last few years, the UK government and security not-for-profit
organisation Cyber Streetwise have issued guidance on how organisations
can protect themselves in cyberspace.
2. Secure configuration
5. Patch management
4. Malware protection
Assign responsibilities and ensure their understanding
Perform a risk assessment and develop scenarios
Develop process for making critical decisions
Train and practice
Develop and maintain documentation of the plan
Develop communication plan
Perform an external assessment
Obtain benchmark and best practices
Implement action from the gap analysis provided during the external assessment
Why Mazars?
Tailored approach
each client.
Solutions orientated
Value driven
highest priority.
Mazars LLP is the UK firm of Mazars, an international advisory and accountancy organisation, and is a limited liability partnership registered in England with
registered number OC308299. A list of partners' names is available for inspection at the firm's registered office, Tower Bridge House, St Katharine's Way,
London E1W 1DD.
Registered to carry on audit work in the UK and Ireland by the Institute of Chartered Accountants in England and Wales. Details about our audit registration
can be viewed at www.auditregister.org.uk under reference number C001139861.
Mazars LLP 2016-01 32212
www.mazars.co.uk