Page 411 - ITGC_Audit Guides

Appendix E. Organizations and Agencies That Issue Advice


                   The resources below may provide information to help the organization identify, monitor, and
                   manage insider threats. While not exhaustive, the list is provided to help internal auditors expand
                   their knowledge and skills. Additionally, local and industry security standards and regulations must
                   be considered during the audit engagement planning phase to ensure resources are allocated to
                   the risks that are most significant to the specific organization.


                    American National Standards Institute/International Society of Automation

                    ANSI is the voice of the U.S. standards and conformity assessment system and the official U.S.
                    representative to the International Organization for Standardization and, via the U.S. National
                    Committee, the International Electrotechnical Commission (IEC). ANSI’s mission is to enhance
                    both the global competitiveness of U.S. business and the U.S. quality of life by promoting and
                    facilitating voluntary consensus standards and conformity assessment systems, and
                    safeguarding their integrity. https://www.ansi.org/cyber/


                    Australian Government: Attorney-General’s Department

                    The Protective Security Policy Framework (PSPF) comprises the Australian government’s security
                    risk management approach and guidance to support effective implementation. The PSPF
                    includes three personnel security core requirements essential for mitigating the threat posed by
                    trusted insiders. https://www.protectivesecurity.gov.au/personnel/Pages/default.aspx


                    Center for Internet Security

                    CIS is a nonprofit entity that establishes global standards and best practices for securing IT
                    systems and data to safeguard private and public organizations against cyber threats based on
                    the work of a global IT community. https://www.cisecurity.org

                    CERT Australia

                    CERT Australia is the national computer emergency response team. Established in 2010, CERT is
                    the primary government contact point for major Australian businesses to:

                          Receive and respond to cybersecurity incident reports.
                          Receive support and advice in responding to and mitigating cyber incidents.
                          Monitor cybersecurity incidents or attacks to develop a threat picture.
                          Provide advice and alerts to its partners to enhance their cybersecurity resilience.


                    https://www.cert.gov.au/





                         www.theiia.org                                      Auditing Insider Threat Programs   43