
Cyber security: Establishing a risk management program and reassessing disclosure practices

Published on: Jun 30, 2018

Cybersecurity continues to be one of the top risks on the minds of organizations' management, boards of directors, investors, customers, and other stakeholders, whether the organization is operating in the public, private, not-for-profit, or government sector. Given the significant reputational, operational, financial, legal, and regulatory implications of recent high-profile data breaches, stakeholders are increasingly interested in understanding an organization's exposure to cyber security risk and the related policies, processes, and controls it has in place to address this risk.

Topics include:

  • an introduction to the cyber security reporting framework issued by the American Institute of Certified Public Accountants (AICPA), known as System and Organization Controls (SOC) for Cybersecurity
  • questions for management of all entities to consider in developing a cybersecurity risk management program based on the AICPA's guidance
  • guidance issued by the Canadian Securities Administrators (CSA) and Securities and Exchange Commission (SEC) on cyber security risk disclosure

