4

The Three Lines of Defense and Cybersecurity

In the wake of the financial crisis, the Institute of Internal Auditors (IIA) developed a model for risk management called the Three Lines of Defense (3LoD) model. 3LoD traces its origins to managing operational risk in large organizations, especially financial institutions. More recently, it has gradually gained traction in the cybersecurity world as well. The main objective of the 3LoD framework is to ensure effective segregation of duties across all business functions and clearer accountability for the stakeholders of those functions.

As we saw in earlier chapters, one of the major functions of IT risk management is to have an effective delineation between the risk ...

Get ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide now with the O’Reilly learning platform.
