Security Risk Assessment
COSO Principle 8: The entity considers the potential for fraud in assessing risks to the achievement of objectives.
- Considers Various Types of Fraud—The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur.
- Assesses Incentives and Pressures—The assessment of fraud risks considers incentives and pressures.
- Assesses Opportunities—The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering the entity’s reporting records, or committing other inappropriate acts.
- Assesses Attitudes and Rationalizations—The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.
- Considers the Risks Related to the Use of IT and Access to Information—The assessment of fraud risks includes consideration of threats and vulnerabilities that arise specifically from the use of IT and access to information.
What is a Cybersecurity Compliance Framework?
As your security and privacy programs become more sophisticated, you don’t need to clutter them with an ever-increasing number of tools. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8