Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of organizations of all sizes. Cybersecurity has become a topic of interest to every financial institution as regulators increase their focus on cyber risks and controls. Financial institutions are under increasing pressure to demonstrate that they are managing threats, and that they have effective processes and controls in place to detect, respond to, mitigate and recover from cybersecurity events, both in their organizations and in their vendor supply chains. In response to this increased focus, the AICPA has developed a new cybersecurity risk management framework that financial institutions can use to communicate their cybersecurity efforts to key stakeholders. The framework supports the AICPA’s new SOC for Cybersecurity examination, which enables the CPA to provide an independent opinion on a financial institution’s cybersecurity risk management program. The AICPA is also working on a new SOC for Vendor Supply Chains service to help support organizations’ vendor risk management activities, including the efforts of financial institutions to address systemic risk across the broader connected financial system.
• Understand why cybersecurity is an important risk management issue for financial institutions
• Understand marketplace demands driving the need for communication about financial institution cybersecurity risk management efforts
• Learn about the three elements of the AICPA’s cybersecurity risk management framework: (1) Description Criteria, (2) Trust Services Criteria (Control Criteria), and (3) SOC for Cybersecurity guidance for reporting on an Entity’s Cybersecurity Risk Management Program and Controls
• Learn about the evolution of the Trust Services Criteria, and how they are more cyber-centric
• Understand how the new Trust Services Criteria will affect both SOC for Service Organizations and SOC for Cybersecurity and Vendor Supply Chain services