The impacts from cyberattacks have grown dramatically over time and are consistently ranked among the most significant business risks.
“Auditing Cyber Incident Response and Recovery” covers the risks and controls that correspond to the “Respond” and “Recover” functions of the NIST Cybersecurity Framework (CSF). The GTAG (Global Technology Audit Guide) gives an overview of the relevant risks and controls in this area to help an internal audit activity plan and scope audit engagements. It also references external control frameworks which, used effectively, can support the development of insightful audit approaches.
This guide will help internal auditors:
- Define cyber incident response and recovery and develop a working knowledge of relevant processes, including related governance and risk management controls.
- Understand risks and opportunities associated with cyber incident response and recovery, for the purposes of enterprisewide or engagement-specific assessments.
- Identify components of cyber incident response and recovery, including contributions from governance, risk management, and planning processes, as well as controls to test and execute response and recovery plans.
- Consider relevant control guidance in widely used IT/IS frameworks to increase the value of the assurance and advisory services provided by the internal audit activity.
- Understand the basics of auditing cyber incident response and recovery, including specific controls to be evaluated.
The new GTAG, “Auditing Cyber Incident Response and Recovery,” was created as a follow-up to an earlier report, GTAG: Auditing Cybersecurity Operations: Prevention and Detection,