Skip to Content
Press Enter

GTAG: Assessing Cybersecurity Risk

January 15, 2021

Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.
gtag-assessing-cybersecurity-risk-three-lines-model.png

Organizations of all types are becoming more vulnerable to cyber threats due to their increasing reliance on computers, networks, programs and applications, social media, and data. In response to such emerging risks, CAEs are challenged to ensure management has implemented both preventive and detective controls. CAEs must also create a clear internal audit approach to assess cybersecurity risk and management’s response capabilities, with a focus on shortening response time.

The IIA’s Global Technology Audit Guide (GTAG), Assessing Cybersecurity Risk: The Three Lines Model, was designed to help internal auditors develop competence in providing assurance over cybersecurity risks.

Assessing Cybersecurity Risk: The Three Lines Model discusses the internal audit activity’s role in cybersecurity; explores emerging risks and common threats; and presents a straightforward approach to assessing cybersecurity risks and controls.

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.