Cybersecurity Attestation and Reporting
Dr. Graham Gal
Department of Accounting
Isenberg School of Management
ICGA-ICon. FESR Trakya Üniversitesi, September 23-26, 2014

Main Issues
• Who Should Provide Assurance
• What Should be Reported
• Where will the Assurance Providers Come From
• Research
UWCISA Toronto, CA October 1-3, 2015

Who Should Provide the Assurance
• The Role of Software Developers/Vendors
  – Should ANYONE be able to see any code
    • Voting Machines
    • Cars
    • SIRI
    • EVERY app
  – Who should be in charge of making the distinction
    • What is Proprietary
    • Distinction between code and data used by the code
    • A + B*A = C
    • Is there a difference
  – Cyber-espionage and theft of intellectual property

What Should be Reported
• Should Everything be Reported
• When it is discovered or when it is fixed
• Who should get to report
• Should everything be reported

Where will the Assurance Providers Come From
• Will they come from Accounting Programs
  – Our Business Advisory Council is interested in CPA Exam Pass rates
• Will the AICPA create new exams
• Is Materiality an Issue
• Damages

Research
• What can Firms do
  – IA and INFOSEC Relationship
  – IA INFOSEC Knowledge
• Fraud and INFOSEC
  – Types of Perpetrators
    • Narcissist - Overconfident
    • Psychopathy - Reckless
    • Machiavellianism - Amoral
• Lock Knowledge versus Data
• Software Engineering