Doron Rozenblum
Doron Rozenblum
Managing Partner, Kreston Israel, and Chair of its Global Internal Audit Group. Kreston Global

Join Doron Rozenblum on LinkedIn

Doron is the Managing Partner of Kreston-Ezra Yehuda-Rozenblum, based in Israel, where he leads their Risk Advisory Services practice. He has over 25 years of experience in risk management, internal auditing, and control design and assessment, and specializes in helping organizations understand and assess risks within their operations, assessing the design of processes and controls, and providing tailored solutions to enhance internal audit effectiveness and value. In addition, he is the Vice President of The Institute of Internal Auditors in Israel.

Auditing cyber incident response and recovery

August 18, 2022

Cyber incident audits are becoming the best defence for cyber attacks, setting in place response and recovery plans to minimise risk. Cybersecurity attacks are increasing, exploiting vulnerabilities in networked systems and devices. Attacks are increasingly sophisticated, threatening technologies by criminal enterprises, state-sponsored hackers, and others, with malicious intentions.

Technology as the risk driver

The IIA’s 2022 North American Pulse of Internal Audit benchmarking survey reports that “technology is the common risk driver of the top three highest risk areas — cybersecurity, IT, and third-party relationships, which often include IT services.”

Internal auditors and risk managers consistently rank them among the biggest risks to the business. They know that how companies respond to such attacks can be the difference between a small security incident and a major catastrophe, so they routinely target them for internal audits.

Auditing the cyber incident response

Auditing the cyber incident response and recover system is no easy task, learning how to assess cybersecurity and technology is like any other new proficiency. Auditors need to take those initial steps to get started and do what internal audit does best: Do a little homework and ask good questions. However, in hopes of making it easier, the Institute of Internal Auditors (IIA) has released a new guide available free for IIA members, “Auditing Cyber Incident Response and Recovery.” The guide, which is part of the IIA’s Global Technology Audit Guide or GTAG series, covers risks and controls that correspond to the NIST CSF “Respond” and “Recover” functions.

Risk and controls for cyber incidents

The GTAG gives an overview of the relevant risks and controls in this area to help an internal audit activity with planning and scoping audit engagements. References to external control frameworks are offered, which, if used effectively, can help with the development of insightful audit approaches.

This guide will help internal auditors:

  • Define cyber incident response and recovery.
  • Develop a working knowledge of relevant processes, including related governance and risk management controls.
  • Understand risks and opportunities associated with cyber incident response and recovery.
  • Identify components of cyber incident response and recovery, including contributions from governance, risk management, and
  • planning processes, as well as controls to test and execute response and recovery plans.
  • Consider relevant control guidance in widely used IT-IS frameworks to increase the value of assurance and advisory services provided by the internal audit activity.
  • Understand the basics of auditing cyber incident response and recovery, including specific controls to be evaluated.

Safeguarding against cyber incident

Cyber incident response and recovery controls safeguard the confidentiality, integrity, and availability of systems and data, by providing critical layers to a defence in depth strategy.

An Internal Audit engagement would usually examine and determine whether response and recovery plans were designed and implemented effectively to enable timely service restoration.

Why choose Kreston Global for your cyber incident audit?

Our expert audit consultants today are on hand to discuss our range of services, including the cyber incident audit. We have a network of 160 independent accounting firms across more than 115 countries. Wherever you are in the world, choose Kreston Global to assist with your business needs. Speak to us today.