Cyber security: Establishing a risk management program and reassessing disclosure practices

Published on: Jun 30, 2018

Cybersecurity continues to be one of the top risks on the minds of organizations' management, boards of directors, investors, customers, and other stakeholders, whether the organization is operating in the public, private, not-for-profit, or government sector. Given the significant reputational, operational, financial, legal, and regulatory implications of recent high-profile data breaches, stakeholders are increasingly interested in understanding an organization's exposure to cyber security risk and the related policies, processes, and controls it has in place to address this risk.

Topics include:

  • an introduction to the cyber security reporting framework issued by the American Institute of Certified Public Accountants (AICPA), known as System and Organization Controls (SOC) for Cybersecurity
  • questions for management of all entities to consider in developing a cybersecurity risk management program based on the AICPA's guidance
  • guidance issued by the Canadian Securities Administrators (CSA) and Securities and Exchange Commission (SEC) on cyber security risk disclosure

