Private corporations and public institutions now face constant and sophisticated cyberthreats and cyberattacks. As a general warning, organizations must build and develop a cybersecurity culture and awareness in order to defend against cybercriminals. Information Technology (IT) and Information Security (InfoSec) audits that were effective in the past are converging into cybersecurity audits in order to address the cyber threats, cyber risks and cyberattacks that evolve in an aggressive cyber landscape. However, the growing number and complexity of cyberattacks and the convoluted cyberthreat landscape are challenging the cybersecurity audit models currently in use and exposing the critical need for a new cybersecurity audit model. This article reviews the best practices and methodologies of global leaders in the cybersecurity assurance and audit arena. Through an analysis of the current approaches and their theoretical background, their real scope, strengths and weaknesses are highlighted with a view to a more efficient and cohesive synthesis. As a result, this article presents an original and comprehensive cybersecurity audit model, proposed for conducting cybersecurity audits in organizations and Nation States. The CyberSecurity Audit Model (CSAM) evaluates and validates audit, preventive, forensic and detective controls across all organizational functional areas. CSAM has been tested, implemented and validated together with the Cybersecurity Awareness TRAining Model (CATRAM) in a Canadian higher education institution. A research case study is being conducted to validate both models, and the findings will be published accordingly.