How to Pass a Cybersecurity Audit in 10 Steps
September 17, 2015
With data breaches becoming an unfortunate everyday occurrence, cybersecurity is no longer just an IT issue. Legal departments, which have a need to protect sensitive information, such as employees’ and clients’ personally identifiable information and nonpublic corporate information, are increasingly becoming involved in data security issues as the universe of risk exposure expands.
Moreover, with cybersecurity featuring prominently on the federal government’s agenda over the last two years, the legal department should anticipate the potential for regulatory audits. Earlier this year, the White House held a Summit on Cybersecurity and Consumer Protection and issued an Executive Order Promoting Private Sector Cybersecurity Information Security Sharing. Meanwhile, federal agencies, including the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority, have announced examination priorities that include shoring up private-sector cybersecurity.
Thus, there is no time like the present to work with your Chief Security Officer, Chief Information Officer, IT staff and compliance and risk personnel to review and bolster your cybersecurity policies and practices in anticipation of future regulatory action. With that in mind, here is a checklist of 10 critical items that can help your organization prepare for — and pass — its next cybersecurity audit.