This is the fifth in the series of Audit insights: cyber security reports. It focuses on the substantial gap in cyber security maturity levels caused by complex legacy IT environments and how business needs to adopt a smarter approach to cyber security laws and standards.
Find out whether you should consider encrypting your data, how encryption works in practice and what types of appropriate technical and organisational measures are common.
While the fundamentals on how to protect yourself, your business and your clients remain essentially unchanged, the context in which we write about them continues to shift. Cyber criminals are always finding new means of attack and we all need to keep up to keep them out.
This example password/pass phrase policy could be used by an organisation to help protect client and employee data. It is jointly published by ICAEW's Business Law and IT Faculty.
Features and articles
Develop your awareness of cloud computing and its risks, with Peter Mandich’s introduction to the faculty’s new report for internal auditors.
Bernard O’Hara, Director in Risk Consulting in KPMG, shares some thoughts on areas of focus for Business Owners and Board members in Northern Ireland in dealing with Cyber Risk.
Malcolm Bacchus, president of the LSCA, argues that the IT industry, as well as the computer end-user, should share responsibility in the fight against cyber crime.
Is the pressure we face to make sure our online information is secure actually making us less likely to make sound security decisions? David Jackson investigates.
During the introduction of Making Tax Digital (MTD), ICAEW is sharing the latest information about the software that taxpayers and agents will need to keep digital records and to submit information to HMRC.
With many more people starting to keep digital accounting records, and with more electronic interactions between HMRC and tax payers, this represents a new opportunity for cyber criminals to target tax payers and their agents. Experts from ICAEW Information Technology Faculty offer their top tips on how to keep cyber secure.
Standards and regulations
Cyber Essentials is a Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats. Certification against this scheme is increasingly required for any company bidding for government contracts and sometimes their supply chain too.
Navigating the expanding landscape of information security standards can be a challenge. If you don't know your PCI DSS from your ISO 27001, Lesley Meall's at-a-glance guide can help.
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It applies to everyone trading within the EEA (including UK individuals and organisations).
Finance in a Digital World
ICAEW is collaborating with Deloitte to ensure its members and students have the knowledge and skills to take advantage of the opportunities offered by the fourth industrial revolution and to meet its challenges head on. Log-in to access exclusive content, including: eLearning, webinars and bite-sized summaries on individual technologies and the broader impact of digital technologies on finance.
Webinars and recordings
Stuart Jubb, MD of Consulting at Crossword Cybersecurity, and Nikki Cole, an experienced Non-Executive Director, discuss the processes that Boards should have in place to manage their cybersecurity risks.
Dr Jane Berney, Business Law manager at the ICAEW and Professor Jim Gee, Head of the Forensic and Counter Fraud Services Team discuss cybercrime and GDPR in the manufacturing sector
In this webinar, cyber security expert George Quigley, offers advice on how practitioners can keep their own data secure, plus what advice and services they could offer to their clients to help them keep their data secure.
The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact email@example.com
The article offers several tips for businesses to create a board of directors that can help manage cybersecurity risks. These tips include consulting both the board and chief information security officers on cybersecurity issues, demanding clarity in security reporting, and focusing on the human aspects of cyber risk.
The article focuses on the role of technology in bringing change to the delivery of accounting and consulting services. Topics discussed include technologies include blockchain, artificial intelligence, and robotic automation, digital services include cyber-security, IT advisory services, and data analytics services, and increasing the competence and skill of professionals.
The article presents the findings of the Information Technology (IT) Priorities 2019 survey among IT professionals in Great Britain and Europe, the Middle East ad Africa (EMEA).
How Southern Water has overhauled its data management and business intelligence technology.
Guidance on IT management topics for SMEs. Covers the following areas: computer hardware; business software; the internt; communications; IT security; buy and manage IT; IT support; staff and IT training.
Government campaign to raise cyber security awareness. Gives advice on: protecting your device; protecting your data; and protecting your business.
Advice from the National Cyber Security Centre to help protect organisations against cyber attacks. There are three levels of engagement , two of which leads to accreditation for certified cyber security.
Practical guidance for organisations including 10 steps to cyber security. Also provides information on cyber security threats detected in the UK.
ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.
This page presents an overview of instructions and guidance for small practices to prepare for Brexit.
This month, technical expert Julia Penny tackles the confusion around how the General Data Protection Regulations work with money laundering rules.
The lead negotiators for the UK and the EU have agreed a withdrawal agreement that would provide for a transitional period until December 2020, as well as a political declaration on the framework for a future relationship thereafter. Both need to be formally adopted.
If you so much as gather or store customer, supplier, or employee data, including sensitive information like payment details, you have a cyber risk exposure, and a breach of personal data can be especially harmful, says insurance broker Bluefin.
Good security practices
Information security is the branch of risk management that seeks to manage threats to organisational information. There are of course all kinds of information security risks. They all need to be assessed and businesses need to decide how to treat each one. This guide is solely concerned with the mitigation of information security risk.
As an auditor you face the challenge of addressing a burgeoning new form of service delivery that is not directly controlled by the organisation that has entrusted their data to the cloud. This helpsheet is intended to assist internal and external auditors to understand the risks associated with moving organisational activities to the cloud and scope a cloud-based services audit.
This guide is aimed primarily at SME organisations that need an overview of what BYOD (Bring Your Own Device) actually is, how it can be used to the organisation’s advantage and how to start developing their own BYOD and mobile strategy for using and managing mobile devices successfully within their business.
Resilience and recovery
In an IT world without obvious boundaries, Amar Singh explains how to avoid cybercrime and bounce back after an attack.
This article takes a timely look at the importance of IT Continuity Management and its relationship with Business Continuity Management (BCM), its corporate benefits, key business drivers and milestones in the process, the current threats to operations, and the impact it is having on the resilience agenda.
Risk and return
Kirstin Gillon reports from the second of our roundtable series on cyber security, with guest speaker Ian Livingston, exploring how boards are becoming more engaged in the need to protect their business.
With cyber attacks on the rise, the need for businesses to insure against threats is imminent. Arvind Hickman talks to the experts about why prevention is better than cure
In the first of a series of faculty roundtable discussions, information security professionals discuss how boards can help in the fight against cyber risk. This article first appeared in the September/October 2013 edition of Chartech Magazine.