The AICPA ASEC, through its Cybersecurity Working Group, has developed a set of benchmarks, known as description criteria, to be used when preparing and evaluating the presentation of a description of the entity’s cybersecurity risk management program (description). An entity’s cybersecurity risk management program is the set of policies, processes, and controls designed to protect information and systems from security events that could compromise the achievement of the entity’s cybersecurity objectives and to detect, respond to, mitigate, and recover from,
Resources
Get description criteria for a cybersecurity risk management program
Sep 30, 2023 · 168.5 KB Download
FREE ACCOUNT
ACCESS
Resource
availableDownload the Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program
File name: description-criteria.pdf
Already a member?
Log in with your account
Not a member?
To gain access to exclusive content, your first step is to join the AICPA & CIMA.