Finally, each organization should have appropriate business continuity and disaster recovery plans that include specific incident-response procedures for dealing with a cyberevent.

Stay current on updates and patches

Updating and patching are the responsibility of the IT department and actually fall into the above category of IT controls, but they are such a critical security component that they warrant a separate discussion. Organizations must keep all systems up to date at all times. That sounds simple—until you see the list of items that need updating. Among the items are firewalls, routers, switches, servers, workstations, laptops, tablets, phones, and peripheral devices such as printers and copiers. Management needs to ensure that IT—whether in-house or a vendor—updates all operating systems (Windows 8, Windows 7, etc.) and applications (Java, Adobe Flash, web browsers, etc.) with vendor-supplied patches. In addition, anti-virus/malware protection is needed not only for desktops and laptops, but mobile devices as well, including employee-owned devices that connect to the network. Make sure IT establishes an inventory reconciliation, which ensures that all systems are protected. Encourage the IT team, or your vendor, to assign this role to someone—preferably not an IT “firefighter”—who has time to fulfill these duties. If you outsource your network support to a vendor, make sure that your contracts establish and assign clear patching and updating responsibilities.

62 | Journal of Accountancy | April 2016

Test your security and controls

To determine its cybersecurity risk level, an organization should rely on two types of periodic assessments—vulnerability testing and information systems (IS) controls testing.

Vulnerability testing involves the automated scanning of systems to determine if known vulnerabilities (security holes in software) are present. The tests should assess protections against threats both external (outside hackers) and internal (insiders or hackers that gain internal access). Commercialized scanning software currently tests for more than 50,000 vulnerabilities.

IS controls testing verifies that the controls described above are functioning properly. Many organizations undergo a review of select controls as part of their financial audit, but this does not typically look at the entire environment. High-level oversight should ensure that IT promptly remediates any issues discovered during testing.

Organizations also need to regularly assess vendors that either host their data or have access to them via internal systems.

KNOWLEDGE IS POWER

The scope of the cybersecurity threat can be staggering. A good analogy is the story of the little Dutch boy who put his finger in a leaking dike, a small effort that helped prevent a huge disaster.