GTAG: Auditing Cybersecurity Operations: Prevention and Detection

Cybersecurity operations can be categorized into three high-level control objectives: security in design, prevention, and detection.

Stakeholders must be able to rely on internal audit’s independent, objective, and competent assurance services to verify whether organizational cybersecurity operations controls are well-designed and effectively and efficiently implemented. The internal audit activity adds value when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT and IS functions.

This is for members only. To access it and other valuable resources, become a member today.