The National Audit Office has published ‘Cyber security and information risk guidance for Audit Committees’. It provides a checklist of questions and issues covering:
- The overall approach to cyber security and risk management
- Capability needed to manage cyber security
- Specific aspects, such as information risk management, network security, user education, incident management, malware protection, monitoring, and home and mobile working
- Related areas, such as using cloud services and developing new services or technology
Organisations generally may wish to ask themselves the questions in this guide before their audit committees or auditors ask them (or they find themselves overtaken by events).