AICPA Provides Comments to Presidential Cybersecurity Commission; Issues Criteria for Evaluation of Businesses’ Cyber Risks
September 22, 2016
![Cybersecurity padlock](/content/dam/aicpa/advocacy/cpaadvocate/publishingimages/cyber-security-padlock.jpg)
High-profile attacks on major entities have resulted in an increased focus on cybersecurity by boards of directors, management, customers, investors and others who have expressed a desire for decision-useful information about an entity’s cybersecurity risk management program.
The American Institute of CPAs (AICPA) used a recent letter to the Commission on Enhancing National Cybersecurity to provide background and context regarding the CPA profession’s efforts in the cybersecurity area, which it believes will help to provide a common foundation for meaningful enterprise-wide cybersecurity risk management and reporting.
On September 9, Susan C. Coffey, CPA, CGMA, AICPA executive vice president for public practice, stated, “We believe a CPA’s opinion on the design and operating effectiveness of an entity’s cybersecurity risk management program could enhance the confidence that decision makers place in the entity’s cybersecurity reporting.”
Currently, CPAs provide cybersecurity examination services under a variety of generally accepted professional standards and approaches. However, the AICPA believes adoption of a more consistent profession and market-wide approach for CPAs to examine and report on an entity’s cybersecurity measures would address the informational needs of a broad range of users. Further, it would introduce a level of consistency that does not exist at present in the context of cybersecurity reporting and related assurance.
The AICPA on September 19 exposed two sets of criteria for public comment which will result in guidance for the evaluation of businesses’ cyber risks.
The first exposure draft, Proposed Description Criteria for Management’s Description of an Entity’s Cybersecurity Risk Management Program, is intended for use by management in designing and describing its cybersecurity risk management program and by public accounting firms to report on management’s description. The second, Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, outlines revised AICPA trust services criteria for use by public accounting firms that provide advisory or attestation services to evaluate the controls within an entity’s cyber risk management program, or SOC 2® engagement. Comments on the exposure drafts are due by December 5.
“In response to growing market demand for information about the effectiveness of an entity’s cybersecurity risk management program, the auditing profession, through the American Institute of CPAs, is developing a common foundation through the issuance of criteria and guidance,” Coffey said. “Our primary objective is to propose a reporting framework through which organizations can communicate useful information regarding their cybersecurity risk management programs to stakeholders.”