Question
U.S. include Target Corp., Home Depot Inc., the Internal Revenue Service, and other government agencies such as the Office of Personnel Management. Companies and governments need to consider the risks of a cyberattack, and consider backup plans in the event a cyberattack results in a loss of hardware, software, or data. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a thought paper, COSO in the Cyber Age, to help organizations assess and mitigate risks associated with cybersecurity through the existing COSO Framework. Visit the COSO Web site (www.coso.org), and refer to the Guidance tab. Read the thought paper to answer the following questions:
Required
- The COSO guidance acknowledges that cyber risk is not something that can be avoided; instead it must be managed. Why is cyber risk unavoidable? Does this acknowledgement make it more or less difficult to address and mitigate cyber risk?
- At the control environment level (the first of the five components of internal control), what should organizations do to address cyber risk?
- The paper identifies five broad categories of cyberattack perpetrators and motivations. Briefly describe each group of perpetrators and their motivation.
- What types of control activities are recommended to address cyber risks?