Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls by American Institute of Certified Public Accountants

Appendix C

Description Criteria for Use in the Cybersecurity Risk Management Examination

This appendix is nonauthoritative and is included for informational purposes only.

The description criteria and related implementation guidance in this appendix have been extracted from Description Criteria for Management’s Description of the Entity’s Cybersecurity Risk Management Program, issued in April 2017 by the AICPA’s Assurance Services Executive Committee. The complete text may be found at www.aicpa.org/cybersecurityriskmanagement.

NATURE OF BUSINESS AND OPERATIONS

DC1: The nature of the entity’s business and operations, including the principal products or services the entity sells or provides and the methods by which they are distributed

Implementation Guidance

When making judgments about the nature and extent of disclosures to include about this criterion, consider the following:

The entity’s principal markets, including the geographic locations of those markets, and changes to those markets

If the entity operates more than one business, the relative importance of the entity’s operations in each business and the basis for management’s determination (for example, revenues or asset values)

NATURE OF INFORMATION AT RISK

DC2: The principal types of sensitive information created, collected, transmitted, used, or stored by the entity

Implementation Guidance

When making judgments about the nature and extent of disclosures to include about this criterion, consider the ...
