Schaumburg, IL, USA—The rapid increase of remote access due to remote and hybrid work arrangements requires increased organizational risk management. At the same time, organizations must be prepared for ransomware attacks as threat actors focus on generating revenue streams by extorting users and organizations of all sizes. These drivers have led to ISACA creating two new audit programs on identity and access management (IAM) and ransomware readiness to better prepare audit professionals for the current landscape.
ISACA’s Identity and Access Management Audit Program provides specific testing and evaluation criteria to assist auditors in assessing the adequacy of safeguards in place to mitigate IAM risk.
IAM processes need to be implemented for all enterprises, but the level of automation within the processes will vary on organizational size and maturity. The audit program outlines common risk related to IAM that auditors should keep in mind, including:
- Excessive access to systems and data
- Weak authentication
- Disclosure of user credentials
ISACA’s Ransomware Readiness Audit Program highlights potential business impacts of poor ransomware readiness, including:
- Loss of staff productivity
- Missing performance targets
- Loss of consumer and stakeholder confidence in the safety of their data
- Increased rate of attacks in the future
When developing an enterprise ransomware policy and planning for appropriate investments in attack countermeasures, the enterprise’s risk tolerance and its ability to withstand a business disruption must be considered. The audit program provides foundational information, practical guidance and approaches to preparing for and recovering from a ransomware-related incident addressing the following key areas:
- Governance
- Information protection processes and procedures
- Technical safeguards
- Human safeguards
Both audit programs are free for ISACA members and US$49 for nonmembers. The Identity and Access Management Audit Program can be accessed at http://store.hataselektrik.com/s/store#/store/browse/detail/a2S4w000005Grc7EAC and the Ransomware Readiness Audit Program can be accessed at http://store.hataselektrik.com/s/store#/store/browse/detail/a2S4w000005uz6vEAA. Additional audit programs and tools from ISACA can be found at http://h0snu.hataselektrik.com/resources/insights-and-expertise/audit-programs-and-tools.
About ISACA
ISACA® (h0snu.hataselektrik.com) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.
Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews
Media Contacts
Bridget Drufke, bdrufke@hataselektrik.com, +1.847.660.5554
Emily Ayala, communications@hataselektrik.com, +1.847.385.7223
