Human threats
Hackers being able to get into an organisation's internal network to steal data or cause damage
Fraud
Theft of funds by dishonest use of a computer system
Deliberate sabotage
Could be anything, e.g. malicious damage
Viruses
Can spread through the network to all of an organisation's computers
Malware
Often spread by clicking on an email
The term is used for intrusive software
Denial of service
Characterised by attackers attempting to prevent legitimate users of a service from using it
Checklist steps to protect an organisation from cyber risks
Allocate responsibility
Protect computers and your network
Control employee access to computers and documents
Protect against viruses
Extend security beyond the office
Secure files stored on the cloud or other devices
Plan for the worst
Educate your team
Keep records and test your security
APC-PESPEK
Allocate responsibility
Decide who is responsible for maintaining security functions
Protect network and computers
Implement backup procedures
Implement a firewall (a barrier between a trusted network and an untrusted one, so it blocks some sites)
Control employee access to computers and documents
Keep those with administrator (complete) access to a minimum.
Use login IDs and remove inactive ones.
Protect against viruses
Ensure staff are updated on spotting modern malware
Access anti-virus software and update it
Extend security beyond the office
Check all business devices used remotely are protected.
Additionally, ensure staff are aware of the dangers when connecting to public Wi-Fi
Secure files on the cloud or external devices
Restrict read-write capabilities
Establish approved lists of sharing mechanisms and online platforms. Block those not approved.
Ensure sensitive information that is transferred outside of an organisation is encrypted.
Plan for the worst
Create a full disaster recovery plan in the event of a cyber attack
Educate employees
Plan business training around security
Track files and test security
Regularly test procedures
Implement a system of keeping records to maintain security.