Why benchmark Cybercrime? Organizations rely on Information Technology ("IT" or "Cyber") to conduct business, communicate, and process digital information. A poorly designed or inadequately controlled IT environment can expose an organization to cybercrime, including fraud.
IAA Benchmarking Cybercrime
We serve our clients all around the world
ONE FIRM: 1 partnership across 13 countries, 450 professionals with 50 partners
OUR OFFICES: Amsterdam, Barcelona, Beijing, Casablanca, Dubai, Frankfurt, Hong Kong, London, Luxembourg, Madrid, Milan, Montreal, Munich, New Delhi, Paris, Quebec, Singapore, Toronto
01 IDENTIFY
The Identify Function assists in developing an organizational understanding to manage cybersecurity risk and cyber fraud to systems, people, assets, data, and capabilities. Identifying the risks enables a business to focus and prioritize its efforts, consistent with its risk management strategy and business needs.
Asset Management
Business Environment
Risk Assessment
Supply Chain
Risk Management Strategy
Governance
General Risk Security
02 PROTECT
The Protect function supports the ability to limit or contain the impact of potential cybersecurity and cyber fraud events.
Access Control and Identity Management
Awareness & Training
Information Protection
Protective Technology
Maintenance
Data Security
03 DETECT
The Detect Function defines the appropriate activities to identify events and enables timely discovery of cybersecurity and fraud events.
Security Monitoring
Detection Process
Anomalies & Events
04 RESPOND
The Respond Function includes appropriate activities to take action regarding a detected incident. It also supports the ability to contain the impact of a potential incident.
Communications
Management
Response Planning
Analysis
05 RECOVER
Recovery identifies appropriate activities to maintain resilience plans, and it supports timely recovery to normal operations to reduce the impact of a cybersecurity or cyber fraud incident.
Improvements
Communications
Recovery Planning
Understanding IT policies, procedures and documentation
Different objectives to Internal Audit
Asking the right IT and Risk questions for your specific company
Priorities
Interpretation of what can technically be achieved
Tribalism