Chapter 9 - Cyber security processes

Question 1

What does the AICPA framework highlight the importance of governance?

Answer 1

How management must consider tone from the top
IT expertise
Hiring and training of cyber security personnel
Reporting lines and responsibility

Question 2

What roles are specifically mentioned by the AICPA framework?

Answer 2

Chief information officer
Risk committee
Chief risk officer
Chief technology officer reporting to CIO
Chief information security officer also reporting into the CIO

Question 3

Why is communication important internally in accordance with AICPA framework?

Answer 3

Policies and procedures
Employee handbook
Training
Escalation procedure

Question 4

Why is communication important externally in accordance with AICPA framework?

Answer 4

Legal/law enforcement communications
Disclosure policies with third parties
Media communications

Question 5

What are some methods of protection?

Answer 5

Policies
Software updates
Configurations
Security products
Application software controls

Question 6

How do we protect networks/systems?

Answer 6

Network configuration management
Firewalls
Antivirus endpoint security

Question 7

What is blockchain?

Answer 7

Described as a decentralised, distributed and public digital ledger that is used to record transactions across many computers