COSO in the cyber age
Using COSO 2013 and internal controls to help manage cyber risks
As organizations consider the evolving risks associated with cyber security, the COSO Internal Control—Integrated Framework (2013 Framework) provides an effective and efficient approach to evaluate and manage these risks.
COSO in the Cyber Age, a new research report released by The Committee of Sponsoring Organizations of the Treadway Commission (COSO), provides direction on how COSO’s Internal Control-Integrated Framework (2013 Framework) can help organizations effectively and efficiently evaluate and manage cyber risks.
The report, written by Cyber Risk Services Director Mary Galligan and Senior Manager Kelly Rau, both of Deloitte & Touche LLP, provides direction on managing cyber risk through the lens of the 2013 Framework. The paper discusses how COSO’s internal control components and principles can be leveraged to help mitigate cyber risk impacts by:

- establishing a clear tone from the top regarding the importance of protecting information assets;
- identifying critical information assets and how cyber attacks may occur;
- using layers of preventative and detective controls to address identified risks;
- establishing appropriate lines of communication internally and externally; and
- developing effective monitoring of cyber risks and controls.