The rapid increase of remote access due to remote and hybrid work arrangements requires increased organizational risk management. At the same time, organizations must be prepared for ransomware attacks as threat actors focus on generating revenue streams by extorting users and organizations of all sizes. These drivers have led to ISACA creating two new audit programs on identity and access management (IAM) and ransomware readiness to better prepare audit professionals for the current landscape.
ISACA’s Identity and Access Management Audit Program provides specific testing and evaluation criteria to assist auditors in assessing the adequacy of safeguards in place to mitigate IAM risk.
IAM processes need to be implemented for all enterprises, but the level of automation within the processes will vary depending on organizational size and maturity. The audit program outlines common risk related to IAM that auditors should keep in mind, including:
- Excessive access to systems and data
- Weak authentication
- Disclosure of user credentials
ISACA’s Ransomware Readiness Audit Program highlights potential business impacts of poor ransomware readiness, including:
- Loss of staff productivity
- Missing performance targets
- Loss of consumer and stakeholder confidence in the safety of their data
- Increased rate of attacks in the future
When developing an enterprise ransomware policy and planning for appropriate investments in attack countermeasures, the enterprise’s risk tolerance and its ability to withstand a business disruption must be considered. The audit program provides foundational information, practical guidance and approaches to preparing for and recovering from a ransomware-related incident, addressing the following key areas:
- Governance
- Information protection processes and procedures
- Technical safeguards
- Human safeguards
Both audit programs are free for ISACA members and US$49 for nonmembers. The Identity and Access Management Audit Program can be accessed at https://store.isaca.org/s/store#/store/browse/detail/a2S4w000005Grc7EAC and the Ransomware Readiness Audit Program can be accessed at https://store.isaca.org/s/store#/store/browse/detail/a2S4w000005uz6vEAA. Additional audit programs and tools from ISACA can be found at https://www.isaca.org/resources/insights-and-expertise/audit-programs-and-tools.