CHAPTER 23 Cybersecurity, Hacking Risks, and Privacy Controls

In today’s world of Web-dominated IT systems and ever more complex networked and wireless communications, security and privacy controls over data and information are important for enterprises as well as individual systems users. Almost every day we hear about, or sometimes experience ourselves, situations where key systems files and data have been improperly accessed or hacked, or vital personal files and records have been stolen, altered, or given to an unauthorized perpetrator. Some of these incidents, which we call cybersecurity breaches, are often simply the result of poor internal controls, but others are the products of highly sophisticated data penetration schemes. While such complex cybersecurity breaches are beyond the technical skills of many to forestall, others can be prevented by strong IT cybersecurity controls, which make up a very important area of internal audit IT controls concerns.

This chapter describes some of the more significant cybersecurity issues and risks of today and discusses IT cybersecurity and privacy controls in two broad areas. First, we will focus on some of the many cybersecurity and privacy threats that internal auditors should consider in their reviews of IT-based systems and processes. We have limited our focus to only “some” of these process areas because the field of IT security controls is vast and sometimes raises highly technical issues beyond the skills of many internal ...
