مشخصات مقاله | |
انتشار | مقاله سال 2018 |
تعداد صفحات مقاله انگلیسی | 34 صفحه |
هزینه | دانلود مقاله انگلیسی رایگان میباشد. |
منتشر شده در | نشریه امرالد |
نوع مقاله | ISI |
عنوان انگلیسی مقاله | Factors associated with security/cybersecurity audit by internal audit function: An international study |
ترجمه عنوان مقاله | عوامل مرتبط با بازرسی امنیتی / سایبری با استفاده از حسابرسی داخلی: مطالعه بین المللی |
فرمت مقاله انگلیسی | |
رشته های مرتبط | حسابداری |
گرایش های مرتبط | حسابرسی |
مجله | مجله حسابرسی مديريت – Managerial Auditing Journal |
دانشگاه | Louisiana Tech University – Ruston – Louisiana – USA |
کلمات کلیدی | حسابرسی داخلی، امنیت سایبری، حکومت هیئت مدیره |
کلمات کلیدی انگلیسی | Internal audit, Cybersecurity, Board governance |
کد محصول | E7065 |
وضعیت ترجمه مقاله | ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید. |
دانلود رایگان مقاله | دانلود رایگان مقاله انگلیسی |
سفارش ترجمه این مقاله | سفارش ترجمه این مقاله |
بخشی از متن مقاله: |
Introduction
Cyberattacks have been unprecedented in the recent years; of the ten top technology risks identified by the Institute of Internal Auditors (IIA), both cybersecurity and information security rank as the top two technology risk concerns facing firms (IIA, 2015a, 2015b). The Heritage Foundation (2015) reported an average of 160 successful cyberattacks per week in 2014, which was more than three times the 2010 average. The costs of cyberattacks are tremendous (Ponemon Institute, 2015), averaging $15.4 million for a company operating in the USA, This figure has more than doubled since 2010, and the number of data breaches is expected to continue to increase (DiPietro, 2013). It is estimated that cybercrime could cost businesses over $2 trillion by 2019 (Juniper Research, 2015), which is nearly four times the estimated 2015 expense. In view of these findings, we see that cybersecurity risk management is of paramount importance, and we can confidently assert as a generality that higher-quality cybersecurity is in the interests of firms everywhere. Cybersecurity research has investigated behavioral aspects of technology users (Bulgurcu et al., 2013; D’Arcy et al., 2009; Johnston and Warkentin, 2010; Siponen and Vance, 2010; Spear and Barki, 2010). Researchers have also investigated security awareness (Herath and Rao, 2009; Puhakainen and Siponen, 2010; Willison and Warkentin, 2013) and market reactions to information security initiatives (Gordon et al., 2010). The relationship between the makeup of board technology committees in the context of security breaches has been studied (Higgs et al., 2016), similar to the effects of security incidents on firms and their reputations (Campbell et al., 2003; Cavusoglu et al., 2004; Goldstein et al., 2011; Wang et al., 2013). The relationship between security programs (Cavusoglu et al., 2009; Iheagwara, 2004; Kumar et al., 2008; Straub, 1990) and the optimal investment in security (Gordon and Loeb, 2002; Wang et al., 2008) has been studied as well. Less research has focused on information security governance (Dhillon et al., 2007; Hong et al., 2003; Mishar and Dhillon, 2006; Steinbart et al., 2016) and the important relationship between information security management and the internal audit function (IAF) (Steinbart et al., 2014a; 2014b; 2013; 2012). Importance of security/cybersecurity audit Even though the security risks to organizations have steadily increased, less empirical research has investigated various types of information systems (IS) security, in particular the nature and scope of system security implementations (Dhillon et al., 2007). There is also a limited understanding of how organizations manage the various IS security dimensions and the potential problems involved in doing so (Dhillon and Backhouse, 2001). Security/cybersecurity audit is a new dimension of security practice intended to support the protection of critical information assets of the firm. An auditing process will seek to obtain evidence of organizational information security policies and their efficacy for the protection of asset integrity, data confidentiality, and data access and availability (Pereira and Santos, 2010). Essentially, the audit serves to assess the effectiveness of an organization’s ability to protect its valued or critical assets (Onwubiko, 2009). Managing IS security is increasingly important for companies due to the growing dependence of the firm on technology for conducting business, creating competitive advantage and achieving a higher ROI (Pereira and Santos, 2010). |