Cyber security, a top agenda for the boardrooms, says expert

 02 Nov 2017 - 1:04

R Vittal Raj (fifth left), a cybersecurity expert and international speaker, with IIA officials.

The Peninsula

The Institute of Internal Auditors (IIA) Qatar recently organised a seminar on a contemporary topic, “Role of Internal Auditors in Cybersecurity”, at Oryx Rotana Hotel, delivered by R Vittal Raj, cybersecurity expert and international speaker from India.
Vittal set the context by highlighting: “It is now a new normal that the Internet and emerging technologies in cyberspace are rapidly transforming business and life in unprecedented ways.”
“Given the inherent risks that operating in the cyberspace comes with, cyber security is fast becoming a top of agenda for the boardrooms. The board is often baffled with what questions to ask on cybersecurity and to whom,” he said. Using real-life examples, Vittal emphasized the top three guiding principles that could help the Board draw up their roadmap when it comes to asking the right questions on cybersecurity governance.
These three areas are Board Awareness, Analysis, and Action on Cybersecurity Governance.
Cyberthreat awareness empowers the Board with the requisite confidence to kick-start their discussions. Analysis helps the Board get an enterprise perspective of the degree of cybersecurity risks, and Action comes from the Board’s direction to the executive management on the cybersecurity management goals that they need to achieve, followed by monitoring the results of such actions.
The speaker also highlighted the valuable professional guidance from The Institute of Internal Auditors that is available for the Board, Executive and operational management and that they can use profitably. The IIA’s Global Technology Audit Guide (GTAG) on Assessing Cybersecurity Risks provides comprehensive yet usable guidance. This guidance deals comprehensively with the roles in managing cybersecurity for the three lines of enterprise defense: the Chief Information Officer/Information Security Officer and related operational management as the first line of defense, the Risk and Compliance functions as the second, and Internal Audit, which acts as an independent sounding entity to the Board, as the third. Among others, Vittal also highlighted the increasing importance and role of the Chief Audit Executive in providing the Board with much-needed assurance on cybersecurity governance and management, which in turn triggers the need for CAEs to empower themselves with the knowledge and tools required to rise to the occasion.
“The Institute of Internal Auditors, which leads thought leadership in the profession of Internal Audit, suggests the board look to its three lines of defense for managing every dimension of business risks,” said Sundaresan Rajeswar, Director of the IIA Qatar. Hassan al-Mulla, President of the IIA Qatar, who is an IT Auditor by profession, opened the meeting. More than 140 auditors and IT professionals attended the event.