A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM)

Regner Sabillon, Jordi Serra-Ruiz, Victor Cavaller, Jeimy Cano

Research output: Chapter in Book/Report; Conference contribution

36 Scopus citations

Abstract

Nowadays, private corporations and public institutions are dealing with constant and sophisticated cyberthreats and cyberattacks. As a general warning, organizations must build and develop a cybersecurity culture and awareness in order to defend against cybercriminals. Information Technology (IT) and Information Security (InfoSec) audits that were efficient in the past are trying to converge into cybersecurity audits to address cyber threats, cyber risks and cyberattacks that evolve in an aggressive cyber landscape. However, the increase in number and complexity of cyberattacks and the convoluted cyberthreat landscape is challenging the running cybersecurity audit models and putting in evidence the critical need for a new cybersecurity audit model. This article reviews the best practices and methodologies of global leaders in the cybersecurity assurance and audit arena. By means of the analysis of the current approaches and theoretical background, their real scope, strengths and weaknesses are highlighted, looking forward to a most efficient and cohesive synthesis. As a result, this article presents an original and comprehensive cybersecurity audit model as a proposal to be utilized for conducting cybersecurity audits in organizations and Nation States. The CyberSecurity Audit Model (CSAM) evaluates and validates audit, preventive, forensic and detective controls for all organizational functional areas. CSAM has been tested, implemented and validated along with the Cybersecurity Awareness TRAining Model (CATRAM) in a Canadian higher education institution. A research case study is being conducted to validate both models and the findings will be published accordingly.

Translated title of the contribution: Un modelo integral de auditoría de ciberseguridad para mejorar la garantía de la ciberseguridad: El modelo de auditoría de ciberseguridad (CSAM)
Original language: English (US)
Title of host publication: Proceedings - 2017 International Conference on Information Systems and Computer Science, INCISCOS 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 253-259
Number of pages: 7
Volume: 2017-November
ISBN (Electronic): 9781538626443
State: Published - Mar 29 2018
Event: 2nd International Conference on Information Systems and Computer Science, INCISCOS 2017 - Quito, Ecuador
Duration: Nov 23 2017 to Nov 25 2017

Conference

Conference: 2nd International Conference on Information Systems and Computer Science, INCISCOS 2017
Country/Territory: Ecuador
City: Quito
Period: 11/23/17 to 11/25/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Artificial Intelligence
  • Energy Engineering and Power Technology
  • Control and Optimization
