#20: Cash in the Cyber Sheets - The Dirty 13 – Inadequate Risk Management in CPA Information Security Programs
Episode 20: The Dirty 13 – Inadequate Risk Management in CPA Information Security Programs
Continuing from last week’s deep dive into the most common mistakes in CPA information security programs, we explore one of the most critical: Inadequate Risk Management. Many CPAs fail to properly identify the specific risks their business faces, resulting in an incomplete risk assessment process. Without a clear understanding of their risks, they cannot make informed business decisions or prioritize efforts effectively. In this episode, we break down why risk management is so often overlooked and how it should be the cornerstone of every security program, enabling businesses to make better decisions and protect their operations.
Resources:
Input Output Blog
- 13 Mistakes CPA Firms Make with Their FTC Safeguards Rule Information Security Program
- CPA WISP: Written Information Security Plan for FTC Safeguards Rule Compliance
Explore more topics from the Cash in the Cyber Sheets - Dirty 13 series:
- Poor Password Management
- Bad Data Classification
- Most Common Data Backup Failures
- Most Common Physical Information Security Audit Findings
- Backup Restore Testing
- MSP Misconceptions
- Incident Response Management
- Supplier Risk Management
- Audit, Logging, & Monitoring
- Inadequate Employee Security Awareness & Training
- Avoiding the Most Common InfoSec Mistakes in Financial Firms and CPA Audits
