的 内部审计 Foundation’s 2024 edition of the North American Pulse of 内部审计 Benchmarks for 内部审计 Leaders provides invaluable insights into the state of internal audit, and this edition has a special focus on cybersecurity. 该报告载有基金会进行的关键指标和调查结果，并包括与审计优先事项和大流行病后恢复有关的数据.

自2008年以来，该报告一直是内部审计和组织领导的重要指导来源. It speaks to both current conditions and long-term trends in the internal audit space. By highlighting key areas of focus for internal audit functions, 该报告帮助内部审计人员对其活动进行优先排序，并有效地分配资源，以确保内部审计工作与组织面临的最重大风险保持一致.

的 最新的研究结果 emphasize the prominent role of technology, 尤其是网络安全和IT, 作为主要关注的领域. 网络安全 and IT have emerged as the foremost risks, with additional attention on third-party relationships, 合规/监管问题, 以及操作上的挑战.

令人震惊的是，78%的受访首席审计执行官和董事认为网络安全威胁的风险很高或非常高. That’s a significant increase from the 60% who felt that way in 2017. Only 21% of respondents say the risk is moderately high, and 1% believe the risk is low. This shows that auditors are more worried about cyber threats than ever before.

根据调查, 应对网络安全和IT风险的努力占内部审计计划的近20%, exceeding the allocation for operational, 财务报告, 以及合规/监管领域. 这一重要的统计数据凸显了人们对网络安全日益增长的担忧，并强调了制定有效管理这些风险的深思熟虑的战略的必要性.

在日益数字化的世界中，内部审计计划在解决网络安全和IT风险方面发挥着至关重要的作用. 这包括找到弱点, 确定需要改进的地方, and reporting findings to senior management and the board. 为了实现这些目标，内部审计师应该问自己这些问题:

• Am I aware of the IT department’s chosen adopted security framework?
• Have we conducted a regular assessment of our cyber maturity?
• 我们使用哪些关键绩效指标来衡量网络安全控制和IT流程的有效性?

If any of the answers to these questions is no, it may be time to reassess the audit plan.

内部审计师在保护公司免受网络威胁方面发挥着特殊作用. Today, their job goes beyond just checking the company’s finances. 的y also look closely at how the company uses technology and protects its information.

通过彻底的检查和 风险评估, internal auditors can find weaknesses and suggest ways to mitigate risks. 他们还确保公司的技术安全措施符合其目标和需要遵守的规则.

深入风险评估

确保信息安全的强大计划始于对公司技术及其保护方式的深入了解. 对网络成熟度和网络安全控制的稳健性进行定期评估至关重要. 这些评估使审核员能够揭示潜在的漏洞并查明需要改进的领域, 确保加强安全态势.

发布的风险

风险识别过程是网络安全评估过程的基石. Internal auditors use multiple ways to uncover where the company might be vulnerable. 的y work closely with stakeholders in the company, 仔细查看文件, and evaluate the technology configurations. Understanding the specifics of these vulnerabilities, along with the overarching threat landscape, is necessary to craft effective mitigation tactics.

提升组织安全

In the quest to fortify cybersecurity, a multi-faceted strategy is essential. This strategy encompasses rigorous risk assessment, 坚实的治理, 持续的员工培训, and the implementation of stringent security controls. 通过优先考虑这些元素, organizations can enhance their defense mechanisms against cyber threats.

启动详细的风险评估对于识别和排序潜在的漏洞和威胁至关重要. This proactive measure makes sure cybersecurity efforts are targeted accurately, optimizing the use of resources to protect against the biggest risks.

管治及政策发展

建立明确, comprehensive cybersecurity policies is the bedrock of a secure operational ecosystem. 这些政策, crafted in alignment with industry benchmarks and legal mandates, serve as the framework for a cohesive cybersecurity strategy. 的y guide organizational conduct and establish benchmarks for security practices, reinforcing the organization’s commitment to cybersecurity.

培养安全意识

创造一种人人都知道如何安全上网的工作文化至关重要. 通过定期, 有吸引力的培训课程, employees learn about digital hygiene and how to spot phishing attempts. 的y also understand the importance of using the internet safely. 让员工掌握这些知识，使他们成为组织抵御网络入侵的第一道防线.

加强访问控制

实现严格的访问控制是保护敏感信息免遭未经授权访问的关键步骤. 组织可以通过坚持最小特权原则和使用多因素身份验证来提高其安全级别. 这减少了…的机会 数据泄露 和网络攻击.

通过这些协调的努力, 内部审计员在引导其组织走向更安全、更有弹性的网络安全立场方面做出了重大贡献. 他们的专业知识和积极主动的态度是对抗网络威胁的宝贵资产.

网络安全 represents an ongoing process rather than a final goal. 组织必须强调内部审计师在维护网络安全方面的关键作用. 具备适当的专业知识, 仪器, 和协作, 内部审计人员在引导组织走向安全的数字环境方面发挥着关键作用.

网络安全威胁的不断演变要求内部审计人员采取适应性强、具有前瞻性的方法. 通过跟上 最新趋势 and threats in cybersecurity, internal auditors can foresee and address risks. 这种警惕有助于确保他们的组织在不断发展的数字环境中保持安全.

Looking ahead, the significance of cybersecurity within the audit process is undeniable. Armed with the right tools and know-how, internal auditors play a critical role in helping their companies handle threats. By adopting innovative approaches and collaborating with security professionals, 内部审计师可以为创建一个安全、有弹性的数字环境做出重大贡献.

与 安全咨询 服务以及与LBMC等网络安全合作伙伴的合作为组织提供了专家指导，以改进其安全实践. 的se partnerships bring specialized knowledge and fresh perspectives, 通过提供全面的风险评估，为安全策略做出重大贡献, 政策发展, 以及对重要文件的审查. 内部审计人员和外部网络安全专家之间的这种合作对于制定明确的目标和行动计划、改善组织的整体安全基础设施至关重要.

LBMC’s Contribution to 网络安全 and 内部审计ing

LBMC specializes in providing personalized cyber安全咨询 services. 我们提供多种选择, helping organizations enhance their current programs or start new ones. Services range from policy formulation, and adherence to security standards, to providing Virtual Chief Information Security Officer (vCISO) services.

明升体育app下载 外包内部审计服务 address a wide variety of organizational requirements. 这些服务从操作方面延伸到财务和合规风险评估, 涵盖全面的需求范围.

Content provided by LBMC 网络安全 professional – Garrett Zickgraf.