Chapter 1

Introduction and Background

This chapter introduces cybersecurity and discusses why it has become a top concern for boards of directors, senior management, and others. This chapter also provides an overview of an examination of an entity’s cybersecurity risk management processes and controls (referred to as an entity’s cybersecurity risk management program) and related report designed by the AICPA to meet the informational needs of intended users. Finally, the chapter discusses the professional standards practitioners are required to follow when performing the examination.

Introduction

1.01 Almost every day a new cyberattack is announced in the media. Nation states, hackers, organized crime, and malicious insiders are attacking entities because of who they are, what they do, or the information they possess. Sometimes, the attacks are launched simply to cause a business disruption or broader economic interruption. Banks, big-box retailers, government agencies... it seems that none are immune from cyberattacks. Along with the increased number of reported attacks, the number of victims and the amount of information compromised by each attack is also increasing.

1.02 Cybersecurity has become a top concern for boards of directors and senior executives of many entities throughout the country, regardless of their size or the industry in which they operate. In addition, governmental officials are also concerned about cybersecurity at governmental agencies and departments. ...

Get Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial