Does Your Cyber Security Include Governance? It Should

Steve Ursillo, Jr. | November 20, 2017 |

Effective risk management starts with a cyber security governance program, according to Steve Ursillo Jr., Partner, Risk Assurance & Advisory and National Leader, Information Assurance and Cybersecurity at Cherry Bekaert. Organizations need to build and implement effective governance program with effective policies and procedures—one that is fully understood by leadership and management, including audit committees. While organizations need to focus on preventing breaches, which remains critical, they also need to assume they will be breached and build a transparent system that is understood in advance. Leadership’s understanding of how cyber risks can ultimately translate into business risks is crucial.


Steve Ursillo, Jr.

Partner, Risk Assurance & Advisory and National Leader: Information Assurance & Cybersecurity, Cherry Bekaert LLP

is a Partner in Cherry Bekaert's Risk Assurance & Advisory Services (RAAS) group and serves as the National Leader for the Information Assurance & Cybersecurity practice. He specializes in technology risk management, internal control over financial reporting, information system security, privacy, cyber fraud, cybersecurity governance, IT assurance and IT advisory services. With more than 20 years of experience, Steve provides a variety of IT audit and security services for his clients across multiple industries. Steve holds several professional designations that are relevant to his experience and the firms’ practice consisting of the following: CPA, CIA, CGMA, CFE, CISA, CISM, CITP, CISSP, CGEIT, CRISC, CEH and CCSFP.  See more by Steve Ursillo, Jr.


Join the Conversation

To leave a comment below, login or register with


Thank you for your interest in our publications. These valuable works are the product of substantial time, effort and resources, which you acknowledge by accepting the following terms of use. You may not reproduce, store, transmit in any form or by any means, with the exception of non-commercial use (e.g., professional and personal reference and research work), translate, modify or create derivative works or adaptations based on such publications, or any part thereof, without the prior written permission of IFAC.

Our reproduction and translation policies, as well as our online permission request and inquiry system, are accessible on the Permissions Information web page.

For additional information, please read our website Terms of Use. ALL RIGHTS RESERVED.