عوامل مرتبط با بازرسی امنیتی / سایبری با استفاده از حسابرسی داخلی: مطالعه بین المللی / Factors associated with security/cybersecurity audit by internal audit function: An international study

عوامل مرتبط با بازرسی امنیتی / سایبری با استفاده از حسابرسی داخلی: مطالعه بین المللی Factors associated with security/cybersecurity audit by internal audit function: An international study

  • نوع فایل : کتاب
  • زبان : انگلیسی
  • ناشر : Emerald
  • چاپ و سال / کشور: 2018

توضیحات

رشته های مرتبط حسابداری
گرایش های مرتبط حسابرسی
مجله حسابرسی مدیریت – Managerial Auditing Journal
دانشگاه Louisiana Tech University – Ruston – Louisiana – USA

منتشر شده در نشریه امرالد
کلمات کلیدی انگلیسی Internal audit, Cybersecurity, Board governance

Description

Introduction Cyberattacks have been unprecedented in the recent years; of the ten top technology risks identified by the Institute of Internal Auditors (IIA), both cybersecurity and information security rank as the top two technology risk concerns facing firms (IIA, 2015a, 2015b). The Heritage Foundation (2015) reported an average of 160 successful cyberattacks per week in 2014, which was more than three times the 2010 average. The costs of cyberattacks are tremendous (Ponemon Institute, 2015), averaging $15.4 million for a company operating in the USA, This figure has more than doubled since 2010, and the number of data breaches is expected to continue to increase (DiPietro, 2013). It is estimated that cybercrime could cost businesses over $2 trillion by 2019 (Juniper Research, 2015), which is nearly four times the estimated 2015 expense. In view of these findings, we see that cybersecurity risk management is of paramount importance, and we can confidently assert as a generality that higher-quality cybersecurity is in the interests of firms everywhere. Cybersecurity research has investigated behavioral aspects of technology users (Bulgurcu et al., 2013; D’Arcy et al., 2009; Johnston and Warkentin, 2010; Siponen and Vance, 2010; Spear and Barki, 2010). Researchers have also investigated security awareness (Herath and Rao, 2009; Puhakainen and Siponen, 2010; Willison and Warkentin, 2013) and market reactions to information security initiatives (Gordon et al., 2010). The relationship between the makeup of board technology committees in the context of security breaches has been studied (Higgs et al., 2016), similar to the effects of security incidents on firms and their reputations (Campbell et al., 2003; Cavusoglu et al., 2004; Goldstein et al., 2011; Wang et al., 2013). The relationship between security programs (Cavusoglu et al., 2009; Iheagwara, 2004; Kumar et al., 2008; Straub, 1990) and the optimal investment in security (Gordon and Loeb, 2002; Wang et al., 2008) has been studied as well. Less research has focused on information security governance (Dhillon et al., 2007; Hong et al., 2003; Mishar and Dhillon, 2006; Steinbart et al., 2016) and the important relationship between information security management and the internal audit function (IAF) (Steinbart et al., 2014a; 2014b; 2013; 2012). Importance of security/cybersecurity audit Even though the security risks to organizations have steadily increased, less empirical research has investigated various types of information systems (IS) security, in particular the nature and scope of system security implementations (Dhillon et al., 2007). There is also a limited understanding of how organizations manage the various IS security dimensions and the potential problems involved in doing so (Dhillon and Backhouse, 2001). Security/cybersecurity audit is a new dimension of security practice intended to support the protection of critical information assets of the firm. An auditing process will seek to obtain evidence of organizational information security policies and their efficacy for the protection of asset integrity, data confidentiality, and data access and availability (Pereira and Santos, 2010). Essentially, the audit serves to assess the effectiveness of an organization’s ability to protect its valued or critical assets (Onwubiko, 2009). Managing IS security is increasingly important for companies due to the growing dependence of the firm on technology for conducting business, creating competitive advantage and achieving a higher ROI (Pereira and Santos, 2010).
اگر شما نسبت به این اثر یا عنوان محق هستید، لطفا از طریق "بخش تماس با ما" با ما تماس بگیرید و برای اطلاعات بیشتر، صفحه قوانین و مقررات را مطالعه نمایید.

دیدگاه کاربران


لطفا در این قسمت فقط نظر شخصی در مورد این عنوان را وارد نمایید و در صورتیکه مشکلی با دانلود یا استفاده از این فایل دارید در صفحه کاربری تیکت ثبت کنید.

بارگزاری