An effective cyber incident management process is important because it helps an organization respond to attacks and restore normal operations in a timely and secure manner. Having cyber incident response and recovery plans in place has become even more critical due to the higher likelihood of cyberattacks caused by the pandemic, geopolitical events, and more sophisticated threat actors. Effective response and recovery controls also enable compliance with cyber incident disclosure requirements.
The impacts from cyberattacks have been growing for some time, and cybersecurity risks are consistently ranked among the most significant business risks. The subject of Cybersecurity Incident Response and Recovery covers risks and controls that generally correspond to the NIST CSF “Respond” and “Recover” functions. This GTAG is written to give an overview of the relevant risks and controls in this subject area, to help IA managers, directors and CAEs with planning and scoping audit engagements. To assist in those efforts, there are numerous references to external control frameworks, which, if used effectively, can help with the development of insightful audit approaches.
This course is an adaptation of a webcast from July 13, 2022.