In this course we will evaluate several attributes critical to the proper establishment of a cyber risk management program.

As discussed in the segment on Cyber programs and roles, in today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. it is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.
Multiple risk management frameworks have been introduced including: • NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013. • ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission • FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council • SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. SEC’s Office of Compliance Inspections and Examinations • CC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses
• Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework: • Identify • Protect • Detect • Respond • Recover
In this course, we will evaluate several attributes critical to the proper establishment of a cyber risk management program. We will delve into the concepts and apply thoughts as to how each component should be evaluated for your organization. The course will utilize the NIST framework as a guide for application.
Field of Study: Information Technology

Lynn Fountain has over 45 years of experience spanning public accounting, corporate accounting and consulting. 24 years of her experience has been working in the areas of internal and external auditing. She is a subject matter expert in multiple fields including internal audit, ethics, fraud evaluations, Sarbanes-Oxley, enterprise risk management, governance, financial management and compliance. Ms. Fountain has held two Chief Audit Executive positions for international companies. In 2011, as the Chief Audit Executive for an international construction/ engineering firm, she was involved in the active investigation of a joint venture fraud. The investigation included work with the FBI and ultimately led to indictment of the perpetrators and recovery of $13M. Ms. Fountain is currently engaged in her own training and consulting business and is a regular trainer for the AICPA. Ms. Fountain is the author of three separate technical books. “Raise the Red Flag – The Internal Auditors Guide to Fraud Evaluations” was published by the Institute of Internal Auditors Research Foundation. -“Leading The Internal Audit Function” and -“Ethics and The Internal Auditor Political Dilemma” were published by Taylor & Francis In addition Ms. Fountain was a contributing author to the certification program exam for the National Association of Accountants. She also has certificate programs on various on-line platforms. Ms. Fountain has performed as an adjunct instructor for the School of Business for Grantham University and developed the first internal audit curriculum for the School of Business at the University of Kansas. Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas. She has her CGMA, CRMA credentials and CPA certificate (non-active).