Abstract [eng]
Cyber security risks are now unavoidable, and it is important to ensure that they are properly managed. Corporate intellectual property, customer and organizational data, the organization’s reputation and its financial resources are some of the assets that organizations risk losing if they do not adequately manage cyber security risks. Importantly, the organization’s management must consider the overall impact of cyber security risks as a complex threat that negatively affects all business processes. To manage this risk comprehensively, it is necessary to self-assess the most vulnerable areas of the organization, perform a threat impact analysis and plan response measures. The role of internal audit as an independent evaluator becomes essential to ensure the identification and good governance of cyber security risks, resilience to them, and the implementation of security measures. This study aims to assess how internal audit procedures and cyber security risk assessment procedures could be combined to ensure the confidentiality of organizations’ private data and a secure environment for all business processes. The academic literature lacks methods for assessing cyber security risk by integrating it into the organization’s internal audit procedures. Therefore, the aim of this study is to address this issue by proposing a model for assessing cyber security risk in internal audit procedures, and to encourage further research in this field.