Get description criteria for a cybersecurity risk management program

4 years ago · 165 KB Download

The AICPA ASEC, through its Cybersecurity Working Group, has developed a set of benchmarks, known as description criteria, to be used when preparing and evaluating the presentation of a description of the entity’s cybersecurity risk management program (description). An entity’s cybersecurity risk management program is the set of policies, processes, and controls designed to protect information and systems from security events that could compromise the achievement of the entity’s cybersecurity objectives and to detect, respond to, mitigate, and recover from, on a timely basis, security events that are not prevented. This document presents the description criteria.

Applying the description criteria in actual situations requires judgment. Therefore, in addition to the description criteria, this document also presents implementation guidance for each criterion. The implementation guidance presents factors to consider when making judgments about the nature and extent of disclosures called for by each criterion. The implementation guidance does not address all possible situations; therefore, users should carefully consider the facts and circumstances of the entity and its environment in actual situations when applying the description criteria.

Download the Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program

File name: description-criteria.pdf
