Internet Security Alliance (ISA) Comments to the American Institute of CPA’s (AICPA) on the Creation of a Risk Management Methodology

December 5, 2016

The Internet Security Alliance congratulates the American Institute of CPAs’ for their effort to create a consistent assessment methodology for a company’s cybersecurity risk management processes.

ISA represents some of the largest companies in the world. These companies are the intended buyers and audience for the AICPA’s proposed cybersecurity attestation engagement. Our members are invested in ensuring that the finite company resources devoted to cybersecurity are spent efficiently and effectively.

We are gratified the AICPA recognizes that cybersecurity is a risk management issue requiring attention from boards of directors, senior management, business partners and investors.

Organizations that choose to voluntarily assess their own cyber readiness will be better able to understand their unique risk posture and be prepared to protect their systems. As these assessment tools are developed, it is imperative that they address the unique characteristics of the cyber threat. Thus, there are several unique characteristics that an appropriately designed cyber assessment tool would need to recognize. (Click the link to read the whole filing)

| Downloadable Copy (PDF)