Cybersecurity

The IIA provides perspectives, insights, tools, and resources to support your needs in Cybersecurity, so use this resource page to access the latest information.

An IIA & EY Report: “The Risky Six: Key Questions to Expose Gaps in Board Understanding Of Organizational Cyber Resiliency Practitioners and researchers from The IIA and EY conducted extensive analysis to determine the root cause of how and why boards within all industries get a skewed picture of their organizations’ ability to protect themselves from cyber-related risks with the requisite resiliency. The team identified six key questions that if unanswered likely mean a disconnect exists. Download now and learn the six key questions that must be asked to expose gaps in board understanding of organizational cyber resiliency .

​
Latest Articles and Blogs Garner insights and leading practices from internal audit leaders: Cybersecurity in the Public Sector 20 Questions Internal Auditors Should Be Asking Pandemic Poses Dual Cybersecurity Challenges Balancing Transformation and Security Assessing Third-party Technology Risks Trusted for Technology The Rising Tide of Cyber Risk Is Cybersecurity the Next Sarbanes-Oxley? When the SEC Speaks About Cybersecurity, We'd All Better Listen Tech vs. Fraud The IT Governance Gap Heightened Focus on Security Risk Guarding Against Ransomeware The Internet of Risks Repairing the Weakest Link Auditing Cyber Resiliency	Trending and Research Explore thought leadership, reports, guidance, and research: OnRisk 2021 – Cybersecurity Remains a Top Risk Internal Audit’s Digital Transformation Imperative: Advances Amid Crisis – Analyzing the Impact of 2020 on Internal Audit Functions’ Implementation of Technology 2021 Pulse of Internal Audit: The Many Sides of Crisis Privacy and Data Protection Part 1: Internal Audit's Role in Establishing a Resilient Framework Insight That Internal Audit Brings to Cybersecurity Culture​ The Security Intelligence Center—Next Steps: Beyond Response to Anticipation Cyber Resilience Technology Auditing Capabilities Cyber Liability Insurance Perspectives on Cyber Resilience: Public Sector Focus	Guidance and Tools Leverage the Standards, guidance, and effectively manage AI cybersecurity: NEW! Cybersecurity Toolkit IG: 2000 - Managing the Internal Audit Activity IG: 2010 - Planning IG: 2100 - Nature of Work IG: 2110 - Governance IG: 2120 - Risk Management IG: 2130 - Control GTAG: IT Essentials for Internal Auditors​ GTAG: Auditing IT Governance GTAG: Assessing Cybersecurity Risks: The Three Lines Model GTAG: Business Continuity Management GTAG: Change and Patch Management Controls GTAG: Identity and Access Management GTAG: Auditing Business Applications

Assessing Third-party Technology Risks Facebook suffered two separate data breaches in 2019 that were traced to third-party companies that lacked sufficient controls to protect authentication credentials, Wired reports. One third party left 540 million access credentials exposed on a publicly accessible server, and a second company did not protect 22,000 user IDs and passwords. Read more at InternalAuditor.org.

​
Resources and Services The IIA provides a variety of professional services and tools: Benchmarking - Audit Intelligence Suite Quality Services and Resources Audit Executive Center Guidance: International Professional Practices Framework®(IPPF®) Risk Resource Exchange Blogs	Video Hear from subject matter experts the latest tips and best practices on Audit Channel: Transportation Risk: Cybersecurity Cybersecurity: Collaborative Assurance Cybersecurity: Threats and Expertise The State of Cybersecurity: Part 1 The State of Cybersecurity: Part 2 The State of Cybersecurity: Part 3 New Security Controls to Fight Modern Threats, Pt 3 Proactively Managing the Cyber Threat Landscape, Pt 1	Conferences and Courses Strengthen your knowledge and skills through conferences and courseware: Cybersecurity Virtual Symposium Governance, Risk, and Control Conference™ Assessing Cybersecurity Risks: The Three Lines Model Auditing Insider Threats Application Security Logical Security: The Network Layer Vision University General Audit Management Conference™