As digital trust professionals size up the threat landscape for 2023, ransomware continues to loom large – and not just for security practitioners. Audit, governance and risk professionals, too, have to account for this potentially calamitous threat.
ISACA’s Ransomware Readiness Audit Program highlights potential business impacts of poor ransomware readiness, including:
- Loss of staff productivity
- Missing performance targets
- Loss of consumer and stakeholder confidence in the safety of their data
- Increased rate of attacks in the future
When developing an enterprise ransomware policy and planning for investments in attack countermeasures, the enterprise’s risk tolerance and its ability to withstand a business disruption must be considered. ISACA’s ransomware audit program provides foundational information, practical guidance and approaches to preparing for and recovering from a ransomware-related incident addressing areas such as governance, information protection processes and procedures, technical safeguards and human safeguards.
The audit program is free for ISACA members and US$49 for nonmembers, and can be accessed at https://store.isaca.org/s/store#/store/browse/detail/a2S4w000005uz6vEAA. Additional audit programs and tools from ISACA can be found at https://www.isaca.org/resources/insights-and-expertise/audit-programs-and-tools.