Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Topics about Security Assurance

Read more about Assurance at ISACA.

“The lowest level of assurance is realized by performing self-assessments. The second level of assurance is realized by third-party statements and the third level of assurance is realized by continuous auditing.

There are several measures that can be used to assess a suppliers’ environment:

  • Certification of global standards and frameworks such as ISO 27001, Uptime TIER, TIA-942, and the Payment Card Industry Data Security Standard (PCI DSS)

  • Self-assessment questionnaires for the supplier, based on standards and frameworks such as ISO 27001, Trust Service Principles and CSA

  • Type II third-party reports that test the operation of measures periodically using robust standards or frameworks such as ISAE 3402/SSAE16 and SOC reports

  • Continuous monitoring of measures where there is continuous insight into the functioning of an organization’s control environment and security measures”

There are a few steps to assurance:

  • Understand the legislative framework in which the business exists (eg does the Mandatory Data Breach legislation apply to you, are you a financial organisation and need to follow APRA regulations).

  • Understand the risk appetite of your business (this will probably evolve over the course of doing the assurance process).

  • Conduct a risk assessment (either formally or just as you are going through the assurance process).

  • Understand or create a cybersecurity strategy - it could be as simple as “we need to be better at cybersecurity” or a full document that states goals, objectives, steps, and priorities).

  • Understand the controls required - you may need some help with this. Like what exactly is Application Control?

  • Implement the controls as outlined in the Assurance level you are wanting to achieve.

  • Document the controls put in place.

  • Monitor, measure, and audit the controls regularly.

  • Rinse and Repeat.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.