{"title":"Review of Cybersecurity Audit Management and Execution Approaches","authors":"Khairun Nisyak Zakaria, S. H. Othman, A. Zainal","doi":"10.1109/ICRIIS48246.2019.9073641","DOIUrl":null,"url":null,"abstract":"The management and execution of good cybersecurity audits help organizations to strengthen their cybersecurity operations by detecting and mitigating cyberattacks and threats from attacking and destroying organizational assets based on the result of audit findings. However, the objectives of this audit cannot be fully achieved because of the various problems prevalent in audit management and execution. This paper aims to review issues that motivate the research of cybersecurity audit and the approaches to manage and execute it. Previous works in this area of interest are discussed by classifying and analyzing the current approaches. Models, scopes, strengths and limitations are studied and the most effective and accurate synthesis that can improve the quality of cybersecurity audits is highlighted. Various approaches to manage and execute cybersecurity audit with their objectives and advantages are classified. From this literature review, it is clear that cybersecurity audits can be improved by addressing the highlighted issues and create a well-rounded approach to improve the management and execution of auditing. 
Timeliness, accuracy and measurement in regards of cybersecurity auditing are not included in this review and shall be discussed in future study as they have significant impact on the audits.","PeriodicalId":294556,"journal":{"name":"2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICRIIS48246.2019.9073641","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
The management and execution of good cybersecurity audits help organizations to strengthen their cybersecurity operations by detecting and mitigating cyberattacks and threats from attacking and destroying organizational assets based on the result of audit findings. However, the objectives of this audit cannot be fully achieved because of the various problems prevalent in audit management and execution. This paper aims to review issues that motivate the research of cybersecurity audit and the approaches to manage and execute it. Previous works in this area of interest are discussed by classifying and analyzing the current approaches. Models, scopes, strengths and limitations are studied and the most effective and accurate synthesis that can improve the quality of cybersecurity audits is highlighted. Various approaches to manage and execute cybersecurity audit with their objectives and advantages are classified. From this literature review, it is clear that cybersecurity audits can be improved by addressing the highlighted issues and create a well-rounded approach to improve the management and execution of auditing. Timeliness, accuracy and measurement in regards of cybersecurity auditing are not included in this review and shall be discussed in future study as they have significant impact on the audits.