Integrated framework for cybersecurity auditing

Abstract

ABSTRACT Organizations receive several cyberattacks on their daily operations, thus the need for auditing. However, there is no unified tool to perform cybersecurity audit tasks which are expensive and tedious. In this paper, we build a cybersecurity framework to perform cybersecurity auditing process in organizations. It covers several types of threats and risks by providing the information systems auditors and cybersecurity professionals with several types of controls. Moreover, it illustrates the essential tools and techniques for cybersecurity auditing. The proposed framework clarifies the security issues through output reports. These reports specify the cybersecurity gaps. Also, it helps practitioners to generate an integrated tool to support cybersecurity auditors learning how to secure organizations and finding a mechanism to achieve the cybersecurity audit tasks.