Doron Rozenblum

Managing Partner, Kreston Israel, and Chair of its Global Internal Audit Group. Kreston Global

www.kreston.co.il

Doron is the Managing Partner of Kreston-Ezra Yehuda-Rozenblum, based in Israel, where he leads their Risk Advisory Services practice. He has over 25 years of experience in risk management, internal auditing, and control design and assessment, and specializes in helping organizations understand and assess risks within their operations, assessing the design of processes and controls, and providing tailored solutions to enhance internal audit effectiveness and value. In addition, he is the Vice President of The Institute of Internal Auditors in Israel.

Auditing cyber incident response and recovery

August 18, 2022

Cyber incident audits are becoming the best defence for cyber attacks, setting in place response and recovery plans to minimise risk. Cybersecurity attacks are increasing, exploiting vulnerabilities in networked systems and devices. Attacks are increasingly sophisticated, threatening technologies by criminal enterprises, state-sponsored hackers, and others, with malicious intentions.

Technology as the risk driver

The IIA’s 2022 North American Pulse of Internal Audit benchmarking survey reports that “technology is the common risk driver of the top three highest risk areas — cybersecurity, IT, and third-party relationships, which often include IT services.”

Internal auditors and risk managers consistently rank them among the biggest risks to the business. They know that how companies respond to such attacks can be the difference between a small security incident and a major catastrophe, so they routinely target them for internal audits.

Auditing the cyber incident response

Auditing the cyber incident response and recover system is no easy task, learning how to assess cybersecurity and technology is like any other new proficiency. Auditors need to take those initial steps to get started and do what internal audit does best: Do a little homework and ask good questions. However, in hopes of making it easier, the Institute of Internal Auditors (IIA) has released a new guide available free for IIA members, “Auditing Cyber Incident Response and Recovery.” The guide, which is part of the IIA’s Global Technology Audit Guide or GTAG series, covers risks and controls that correspond to the NIST CSF “Respond” and “Recover” functions.

Risk and controls for cyber incidents

The GTAG gives an overview of the relevant risks and controls in this area to help an internal audit activity with planning and scoping audit engagements. References to external control frameworks are offered, which, if used effectively, can help with the development of insightful audit approaches.

This guide will help internal auditors:

Define cyber incident response and recovery.
Develop a working knowledge of relevant processes, including related governance and risk management controls.
Understand risks and opportunities associated with cyber incident response and recovery.
Identify components of cyber incident response and recovery, including contributions from governance, risk management, and
planning processes, as well as controls to test and execute response and recovery plans.
Consider relevant control guidance in widely used IT-IS frameworks to increase the value of assurance and advisory services provided by the internal audit activity.
Understand the basics of auditing cyber incident response and recovery, including specific controls to be evaluated.

Safeguarding against cyber incident

Cyber incident response and recovery controls safeguard the confidentiality, integrity, and availability of systems and data, by providing critical layers to a defence in depth strategy.

An Internal Audit engagement would usually examine and determine whether response and recovery plans were designed and implemented effectively to enable timely service restoration.

Why choose Kreston Global for your cyber incident audit?

Our expert audit consultants today are on hand to discuss our range of services, including the cyber incident audit. We have a network of 160 independent accounting firms across more than 115 countries. Wherever you are in the world, choose Kreston Global to assist with your business needs. Speak to us today.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	This cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
device_id	10 years	Cookie used to maintain a local copy of the user's unique identifier.
viewed_cookie_policy	11 months	This cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not a user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
currency	1 year	This cookie is used to store the currency preference of the user.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
ac_enable_tracking	1 month	This cookie is set by Active Campaign to denote that traffic is enabled for the website.
device_view	1 month	This cookie is used for storing the visitor device display inorder to serve them with most suitable layout.

Cookie	Duration	Description
__kla_id	2 years	Cookie set to track when someone clicks through a Klaviyo email to a website.
_ga	2 years	This cookie is installed by Google Analytics. It is used to calculate visitor, session and campaign data and it also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors.
_ga_M0XVMQMRZ1	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_188891991_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_gtag_UA_7661078_5	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. It is used to store information on how visitors use a website and helps to create an analytics report on how the website is performing. The data collected includes the number of visitors, the source of visitors and the pages visited in an anonymous form.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	16 years 5 months 19 days 16 hours 12 minutes	These cookies are set via embedded YouTube videos. They register anonymous statistical data e.g. how many times the video is displayed and what settings are used for playback. No sensitive data is collected unless you log in to your Google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
hl	1 year	No description available.
ln_or	1 day	No description
prism_800686921	1 month	No description
SFSESSIDPROD	2 days	No description
SFSESSIDPROD_SH	session	No description

Choose your business type

Latest news

Luxembourg firm joins Kreston Global network

Accountancy services

Advisory services

Audit and Assurance

Outsourcing services

Tax services

Indirect taxes

Client success stories

Prix Import, Gabon, Central Africa

Our network

Insight

Sustainability

Our membership

Opportunities

Our history

Knowledge