
Question

11-31 (Objectives 11-3, 11-4) A growing number of organizations have been the target of hacking attacks, or cyberattacks, in recent years. High-profile examples in the U.S. include Target Corp., Home Depot Inc., the Internal Revenue Service, and other government agencies such as the Office of Personnel Management. Companies and governments need to consider the risks of a cyberattack, and consider backup plans in the event a cyberattack results in a loss of hardware, software, or data. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a thought paper, COSO in the Cyber Age, to help organizations assess and mitigate risks associated with cybersecurity through the existing COSO Framework. Visit the COSO Web site (www.coso.org), and refer to the “Guidance” tab. Read the thought paper to answer the following questions:

Required

The COSO guidance acknowledges that “cyber risk is not something that can be avoided; instead it must be managed.” Why is cyber risk unavoidable? Does this acknowledgement make it more or less difficult to address and mitigate cyber risk?

At the control environment level (the first of the five components of internal control), what should organizations do to address cyber risk?

The paper identifies five broad categories of cyberattack perpetrators and motivations. Briefly describe each group of perpetrators and their motivation.

What types of control activities are recommended to address cyber risks?

Explanation / Answer

The COSO guidance acknowledges that “cyber risk is not something that can be avoided; instead it must be managed.” Why is cyber risk unavoidable? Does this acknowledgement make it more or less difficult to address and mitigate cyber risk?

While businesses use great caution when sharing information about their technology, both internally and externally, to protect their business operations, cyber attackers have the luxury of operating at the opposite end of the spectrum. They share information openly without boundaries, with little fear of legal repercussions, and often operate with a great deal of anonymity. Cyber attackers leverage technology to attack from virtually anywhere and to target virtually any kind of data. Despite this far-reaching cyber threat, it is clear that protecting all data is not possible, particularly considering how an organization’s objectives, processes and technology will continue to evolve to support its operations. Each evolution creates an opportunity for exposure – and while evolution can be handled with care to minimize the opportunity for exposure, it is impossible to be one hundred percent certain. Further, cyber attackers continue to evolve, finding new ways to exploit weaknesses. As a result, the reality is that cyber risk is not something that can be avoided; instead, it must be managed. This acknowledgement can help an organization prepare the appropriate strategy against all kinds of cyber threats through evolution of its processes and technology to mitigate cyber risk.

At the control environment level (the first of the five components of internal control), what should organizations do to address cyber risk?

The control environment level forms the foundation for an organization to properly manage its cyber risk exposures. Keys to effective control environment and monitoring of cyber risks include the following –

The paper identifies five broad categories of cyberattack perpetrators and motivations. Briefly describe each group of perpetrators and their motivation.

The perpetrators of cyber-attacks, and the motivations behind their attacks, fall into the following broad categories:

What types of control activities are recommended to address cyber risks?

Control activities are the actions performed by individuals within the organization that help to ensure management’s directives are followed in order to mitigate risks to the achievement of the objectives. Control activities recommended to address cyber risks are -
