Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Where Internal Audit Can Help in Cyber-Security

Tammy Whitehouse | February 24, 2015

With yet another potentially catastrophic data breach hitting Corporate America—add insurance giant Anthem to the list of recent victims—internal audit departments are trying to pinpoint what expertise they can bring to the company’s cyber-security risk assessment, and where they might need to rely on more technical help.

The good news, such that it is: There is plenty of work to do no matter what.

“There is so much technical nuance to cyber-security; when people hear terms like firewalls, domains, vulnerability testing, and segmented networks, a lot of internal auditors become intimidated,” says Tom O’Reilly, director of internal audit at Analog Devices. Even executive management and audit committees may wonder whether internal audit is up to the task of assessing a company’s vulnerability to a cyber-breach and readiness to address one when it occurs.


Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.