The People Factor in Cyber Breach
nation states and criminal organizations. Traditional approaches to evaluating risks and controls
are insufficient to prevent cyber-attacks.
Risk assessments focusing on the people, processes and technology over emphasise the information technology organisation. The critical focus needs to be on the“user”--since even a world-class information technology function can be interrupted by a single action performed by an individual user. Internal audit needs a fresh perspective that emphasises the individual user--who is the front line of cyber readiness--in addition to any administrative, physical and technical controls.
Risk assessments focusing on the people, processes and technology over emphasise the information technology organisation. The critical focus needs to be on the“user”--since even a world-class information technology function can be interrupted by a single action performed by an individual user. Internal audit needs a fresh perspective that emphasises the individual user--who is the front line of cyber readiness--in addition to any administrative, physical and technical controls.
