Last time, I finished discussing the third guiding principle of COSO implementation. This week I will start on the fourth principle of the COSO guide: Review and Revision.
As a reminder, COSO has five guiding principles:
- Governance and Culture
- Strategy and Objective-Setting
- Performance
- Review and Revision
- Information, Communication and Reporting
After a football match, a football team reviews its game film and its performance in the match, then makes whatever adjustments it needs to improve before the next one. The cybersecurity team must do the same for all of its processes, but especially for risk management.
An organization must re-evaluate its ERM program over time as its business changes. Cybersecurity programs should do the same, given constantly evolving technology and the threat landscape. This includes removing security controls when they are no longer needed (the horror!).
Continuous reassessment of cyber risk management practices ensures that cybersecurity teams stay aligned with organizational goals and can continue to identify and manage the risks associated with new threats and vulnerabilities.
Our challenge as cybersecurity leaders is to do this faster and more efficiently, in order to keep pace with innovation and digital transformation in our organizations.
The three COSO principles for Review and Revision are (COSO, 2017):
- Assesses substantial change
- Reviews risk and performance
- Pursues improvement in enterprise risk management
In the coming weeks, I will discuss how to implement each of these principles.
As always, I welcome your comments, and if you want to have a direct conversation, please send me a message and we will set something up.
Have a nice week!