new don’t be a target! e-auditing pitfalls to avoid 19... · 2019. 9. 30. · presented by: jj...
Presented by:
JJ Edmunds CPA, CIA, CISA, Audit and Assurance Manager
Antonina McAvoy CISA, Cyber and Control Risk Services Manager
Don’t be a Target!
Peace of mind is a matter of choice.
E-Auditing Pitfalls to Avoid
Business Disruption
GLOBAL CYBER WARFARE
Intellectual Property
Trade Secrets Infrastructure
Designs Confidential Project Data
Financial Data
Personal Data
Data Is The New Oil
Cybercrime Annual Revenues
Key Cyber Trends
Root Cause of Cyber Attacks
Source: Ponemon Report
Types of Cyber Attacks
Source: Ponemon Report
Data at Risk
Source: Ponemon Report
Reduce Your Risk Vector
How Can You Minimize Being a Statistic?
• What are your assets?
• What are your threats?
• What are your vulnerabilities?
• Impact vs Likelihood
Risk Management Program and E-Auditing Considerations
Member Identification
• Strong authentication questions
• Call backs
• OFAC Scans
• Multi-factor authentication
• Exception monitoring
• Frequent and Constant Employee training
NCUA Wire Internal Controls
• Training
• Physical and Logical Controls
• Segregation of Duties
• Exposure limits
• Defined roles
• Member identification
• User access monitoring
• Call back/dual authentication
NCUA ACH Internal Controls
• HR Policies and Procedures
• Physical Security
• Data Security
• Software development and change
• Exposure limits
• Segregation of duties
• User Access
NCUA Remote Deposit Internal Controls
• Benchmarking of performance
• Board approved policies
• Data security
• Segregation of Duties
• User Access
Cybersecurity Risk Management
User Education and Awareness
• Acceptable Use Policy / Agreement
• Security awareness and policy training
• Secure Password Construction
• Phishing
• Whaling Attack
• Social Engineering
• Physical Access
• Malware
• Ransomware
• Confidential Data Handling
• Compliance and Monitoring
Home and Mobile Working
• How many organizations have a Virtual Office Policy / Mobile Working Policy, or Agreement?
• Threats: Network Attacks, Viruses, Data Loss, and other remote user hazards
• Protect Data in Transit and at Rest
• Secure Baseline Build for all Devices
  – i.e. Ensure devices have updated virus protection software and appropriate firewall status before allowing them on VPN
Secure Configuration
• Current System Inventory List
• Baseline Build for all Devices
• Patch Management Policy/Process
• Are you at risk? Practices to be avoided:
  – Use of default passwords for systems and devices
  – Lack of formal configuration management process
  – Lack of consistent software install process
  – Unnecessary software installed on networks/servers
  – Improper file and directory permissions
  – User accounts with unnecessary access privileges
Removable Media Controls
• What is the Risk?
  – Loss of sensitive information
  – Introduction of malware
  – Reputational damage
• Corporate Removable Media Policy
• Best Practices to Implement:
  – Limit use of removable media
  – Scan all media for malware
  – Formally issue media to users
  – Encrypt information held on media
  – Manage reuse/disposal of removable media
  – Educate users and maintain awareness
Managing User Privileges
• Access Control Policy
• User Provisioning
  – Formal request and approval
  – Principle of least privilege (network, app, and db)
  – Regulate the creation of new accounts, administration of rights, and the editing of account details
• User Deprovisioning
  – Access disabled/deleted within 1-3 business days
  – Admin password change when support leave
• User Access Reviews
• Restrict Administrative Access
Incident Management
• Do you have a written plan?
• How many times have you tested it?
  – Living Process… Update Regularly!
Business Continuity Planning (BCP) and Disaster Recovery (DR)
Source: Centre Technologies
• BCP: Business function prioritization, Business Impact Analysis, Risk Assessment, Legal and Regulatory Requirements Identified
• DR: Asset/Technology Inventory, Asset Criticality, Disaster Recovery Contracts, Building Plans and System Diagrams
Monitoring
• Monitoring Strategy & Supporting Policies
• Continuously Monitor all Systems & Networks
• Capture and Analyze Logs for Unusual Activity
• Real-Time Monitoring:
  – Monitor network performance / availability / traffic
  – Monitor user activity (i.e. Detect and stop malicious activity before security is compromised)
  – Monitor computer operations (key backups / batches)
Malware Protection
• Corporate Malware Policy
• Personal Vigilance
  – Be wary of emails with attachments, links, or requests to enter your User ID and password
• Protective Tools
  – Anti-virus security package
  – Scan for malware across the organization
  – Automatically filter out malicious attempts
  – Only compliant machines gain network access
Network Security
• Security Policy
• Apply the Principle of Least Privilege
• Dual Authentication
• Segmented Networks
  – Create clear separation of data within network based on security requirements (i.e. isolate cardholder data from the rest of network)
• Network Security Scanner
• Vulnerability Scanning
• Patch Management
Questions
Presented by:
JJ Edmunds CPA, CIA, CISA, Audit and Assurance Manager
Antonina McAvoy CISA, Cyber and Control Risk Services Manager
MANAGING OUTSOURCED TECHNOLOGY AND SERVICE PROVIDERS
Why do I need a vendor management program?
THIRD-PARTY VENDORS
59%
THIRD PARTIES PLAY A CRITICAL ROLE IN BUSINESS FUNCTIONS
DELOITTE SURVEY
74%
Another threat:
Third Party Vendors
FINANCIAL / ACCOUNTING
SYSTEM
IT SUPPORT NETWORK
PAYROLL
CORPORATE CREDIT UNION
YOUR CREDIT UNION
THIRD-PARTY VENDOR RISK
PONEMON INSTITUTE
59%
DATA BREACHES CAUSED BY A THIRD-PARTY VENDOR
Source: reuters.com
THIRD PARTY BREACHES IN THE NEWS
Can You Rate Your Vendors’ Risk Level?
FINANCIAL / ACCOUNTING
SYSTEM
IT SUPPORT NETWORK
PAYROLL
CORPORATE CREDIT UNION
YOUR CREDIT UNION
Security Risk Affects Your Whole Organization
EMPLOYEES, MEMBERS, IT, OPERATIONS
How can you mitigate risks associated with outsourced service providers?
Do I need a SOC audit for all vendors?
Why CUECS are Important
ACCESS DENIED
Key Consideration
97% - Negligent Employees or Third Party Contractor
Who is your weakest link?
The Blame Game
Insurance: Common Problems
Common Business Misconception
I’m not worried… I’ve got insurance!
Yes, but the real question is does your organization have the right cyber insurance?
Key Considerations
Are You Being Negligent?
Cyber Insurance… Denied?
• National Bank of Blacksburg v. Everest National Insurance Co.
• Hacked twice in less than a year and suffered total losses of $2.4 million (phishing scam)
• Link to article https://www.businessinsurance.com/article/20180727/NEWS06/912322962?template=printart
Do You Have a Strategic Plan?
Questions
Contact
Antonina K. McAvoy, CISA
Manager, Cyber & Control Risk Services
150 Boush Street, Suite 400
Norfolk, VA 23510
Phone: (757) [email protected]
Visit www.pbmares.com to read our blog and learn of upcoming events.
JJ Edmunds, CPA, CIA, CISA
Manager, Audit and Attestation
3957 Westerre Parkway, Suite 220
Richmond, Virginia [email protected]
About the Speaker
JJ Edmunds, CPA, CIA, CISA
• Manager, Audit and Attestation Services
• Education:
  – BS in Accounting, Christopher Newport University
  – Masters of Science of Accounting, Old Dominion University
• Experience:
  – 7 years of public accounting experience
  – Certified Public Accountant (CPA)
  – Certified Internal Auditor (CIA)
  – Certified Information Systems Auditor (CISA)
About the Speaker
Antonina K. McAvoy, CISA
• Manager, Cyber and Control Risk Services
• Education:
  – BS in Business Management & Accounting, Babson College
  – Pursuing MS in Cybersecurity, Utica College
• Experience:
  – 10 years in information technology (IT) auditing experience
  – Certified Information Systems Auditor (CISA)
  – Focus areas: Cybersecurity, IT General Controls (ITGC), Cyber Risk Assessments, HIPAA Reviews, SOC Audits, and Internal Audit
About PBMares
Cyber & Control Risk Services
• PBMares has been specializing in IT and Cyber Security auditing for more than 15 years. Services include:
  – Attestation
    • IT General Controls Audits (ITGC)
    • Service Organization Control (SOC) Audits – SOC1, SOC2, SOC3 & SOC for Cybersecurity
  – Consulting
    • Cyber Risk Assessments
    • Review of Cyber Insurance Coverage
    • Vulnerability Scans of Network (Internal and External)
    • Penetration Testing
    • Incident Response Consulting
    • Data Classification Process Design and Consulting
    • Review of Information Security Program Policies and Procedures
    • Information Security Awareness Training
    • User Life Cycle Management Consulting