Baker Tilly recently co-hosted a webinar with the Association of College and University Auditors (ACUA) for audit, internal audit, cybersecurity and risk management professionals:
How to audit cyber incident response
Cyber and IT risks are an inherent part of any higher education institution and can impact a college or university’s ability to conduct operations in support of its mission and student success. These risks require continuous identification, assessment and monitoring. Every institution must manage cyber risks, handle cybersecurity incidents and inevitably maneuver through a data loss or breach event. Per the 2019 “Cost of a Data Breach Report” study conducted by the Ponemon Institute, the average total cost of a data breach in the education industry is $4.77 million. Could your higher education institution afford this?
The cyber-criminal threats influencing academia come from financially motivated adversaries. College and university auditors must engage before, during and after cybersecurity incidents and/or breaches to help the business get back up and running and effectively assess what happened, why it happened and how to detect and prevent events in the future.
Key takeaways from the webinar
- Understand how auditors can get a seat at the table and engage with cybersecurity stakeholders
- Make the case for performing cybersecurity related audits or reviews
- Implement potential approaches for getting involved in post-breach remediation activities
Presenters and higher education cybersecurity specialists
- Mike Cullen, CISA, CISSP, CIPP/US, CCP, Principal and Higher Education Cybersecurity Leader
- Morgan Mincy, CPA, CMMC RP, Manager