GTAG: Auditing Cybersecurity Operations: Prevention and Detection


This publication is available for members. Please log in to download.
Would you like to become a member?

Stakeholders must be able to rely on internal audit’s independent, objective, and competent assurance services to verify whether organizational cybersecurity operations controls are well-designed and effectively and efficiently implemented.

The internal audit activity adds value when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT and IS functions.