Article
How to integrate cybersecurity with your IT and internal audit teams
Aug. 24, 2021 · Authored by Bryan Schader, Joan Taylor
A version of this article was published in the September 2021 edition of Healthcare News.
IT and internal audit teams share a common goal to protect your organization from risks, but collaboration between teams can sometimes cause friction due to key differences in approach and language.
If you can better understand how these teams interact, and some of the common collaboration challenges they face, your organization can help facilitate a stronger cybersecurity defense.
What are IT and internal audit teams’ roles in cybersecurity?
Many companies augment their cybersecurity efforts with internal audit teams, which evaluate internal controls, regulate risks, and streamline operations.
IT and internal audit teams are part of a larger cybersecurity strategy, with separate responsibilities and focus areas. Regardless of the organization’s size, industry, market, or risk tolerance, successful defense requires coordination and a shared ethos of risk management.
The graphic below shows an example of how these teams fit into a company’s overall security operations.
First line: Manage
The first line of defense involves the front-line process owners assessing activities that create underlying risks.
For the objectives of cybersecurity, the goal is to identify underlying cyberthreats and design and implement controls to address them.
Second line: Monitor
Once the proper controls are in place, the next step is for senior management to leverage their competence and expertise, monitor these controls, and make sure operations run effectively.
