Auditing in the Era of Cybersecurity: Challenges and Solutions
Article Sidebar
-
Cyber Security, Cyber Threats, Information Technology
Abstract
As threats and risks increase in the digital world, auditing in the cyber security era faces significant new challenges. Rapid digital change has increased the complexity of information systems, which makes the audit environment more complicated and requires new approaches to assessing the effectiveness of security controls. The increase in cyber threats that can threaten the integrity, confidentiality and availability of data is one of the main challenges facing auditors. Increasingly varied and sophisticated cyberattacks require proactive and adaptive audit techniques. Auditors must have the ability to evaluate cyber threats and evaluate how they impact a company's information systems and internal controls. Additionally, rapid technological advances such as cloud computing, artificial intelligence, and the Internet of Things (IoT) make auditing more difficult. To overcome this problem, risk and technology-based audits must be implemented. Lastly, training and development of auditors' skills is essential to address this issue. Auditors must keep their skills updated on cybersecurity and the latest technologies.
Lastly, training and development of auditors' skills is essential to address this issue. Auditors must keep their skills updated on cybersecurity and the latest technologies. Investment in ongoing training and certification of cybersecurity specialists will help them discover and address risks more effectively, and ensure more comprehensive and useful audits in an increasingly complex environment.
Full text article
References
Adeleke, IT, & Abdul, QBS (2020). Opinions on Cyber Security, Electronic Health Records, and Medical Confidentiality: Emerging Issues on the Internet of Medical Things From Nigeria. In PB Pankajavalli & GS Karthick (Eds.), Advances in Medical Technologies and Clinical Practice (pp. 199–211). IGI Global.https://doi.org/10.4018/978-1-7998-1090-2.ch012
Ahmad, N., Laplante, P. A., DeFranco, J. F., & Kassab, M. (2022). A Cybersecurity Educated Community. IEEE Transactions on Emerging Topics in Computing, 10(3), 1456–1463.https://doi.org/10.1109/TETC.2021.3093444
Ali, A., Al-rimy, BAS, Alsubaei, FS, Almazroi, AA, & Almazroi, AA (2023). HealthLock: Blockchain-Based Privacy Preservation Using Homomorphic Encryption in Internet of Things Healthcare Applications. Sensors, 23(15), 6762.https://doi.org/10.3390/s23156762
Al-Karaki, J. N., Gawanmeh, A., & El-Yassami, S. (2022). GoSafe: On the practical characterization of the overall security posture of an organizational information system using smart auditing and ranking. Journal of King Saud University - Computer and Information Sciences, 34(6), 3079–3095.https://doi.org/10.1016/j.jksuci.2020.09.011
Al-Matari, OMM, Helal, IMA, Mazen, SA, & Elhennawy, S. (2021). Integrated framework for cybersecurity auditing. Information Security Journal: A Global Perspective, 30(4), 189–204.https://doi.org/10.1080/19393555.2020.1834649
Alruwaili, F.F. (2021). Intrusion Detection and Prevention in Industrial IoT: A Technological Survey. 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), 1–5.https://doi.org/10.1109/ICECCME52200.2021.9590961
Aslam, M., Mohsin, B., Nasir, A., & Raza, S. (2020). FoNAC - An automated Fog Node Audit and Certification scheme. Computers & Security, 93, 101759.https://doi.org/10.1016/j.cose.2020.101759
Aziz, B., Suhardi, & Kurnia. (2020). A systematic literature review of cyber insurance challenges. 2020 International Conference on Information Technology Systems and Innovation (ICITSI), 357–363.https://doi.org/10.1109/ICITSI50517.2020.9264966
Chang, V., Golightly, L., Modesti, P., Xu, Q. A., Doan, L. M. T., Hall, K., Boddu, S., & Kobusi?ska, A. (2022). A Survey on Intrusion Detection Systems for Fog and Cloud Computing. Future Internet, 14(3), 89.https://doi.org/10.3390/fi14030089
Drivas, G., Chatzopoulou, A., Maglaras, L., Lambrinoudakis, C., Cook, A., & Janicke, H. (2020). A NIS Directive Compliant Cybersecurity Maturity Assessment Framework. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), 1641–1646.https://doi.org/10.1109/COMPSAC48688.2020.00-20
Fernández-Caramés, T.M., & Fraga-Lamas, P. (2020). Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases. Sensors, 20(11), 3048.https://doi.org/10.3390/s20113048
Hendawi, S., AlZu'bi, S., Mughaid, A., & Alqahtani, N. (2023). Ensuring Cybersecurity While Leveraging Social Media as a Data Source for Internet of Things Applications. In K. Daimi & A. Al Sadoon (Eds.), Proceedings of the 2023 International Conference on Advances in Computing Research (ACR'23) (Vol. 700, pp. 587–604). Springer Nature Switzerland.https://doi.org/10.1007/978-3-031-33743-7_47
Hollerer, S., Kastner, W., & Sauter, T. (2021). Towards a Threat Modeling Approach Addressing Security and Safety in OT Environments. 2021 17th IEEE International Conference on Factory Communication Systems (WFCS) , 37–40.https://doi.org/10.1109/WFCS46889.2021.9483591
Hussain Seh, A., F. Al-Amri, J., F. Subahi, A., Tarique Jamal Ansari, M., Kumar, R., Ubaidullah Bokhari, M., & Ahmad Khan, R. (2022). Hybrid Computational Modeling for Web Application Security Assessment. Computers, Materials & Continua, 70(1), 469–489.https://doi.org/10.32604/cmc.2022.019593
Jahankhani, H., & Kendzierskyj, S. (2019). Digital Transformation of Healthcare. In H. Jahankhani, S. Kendzierskyj, A. Jamal, G. Epiphaniou, & H. Al-Khateeb (Eds.), Blockchain and Clinical Trials (pp. 31–52). Springer International Publishing.https://doi.org/10.1007/978-3-030-11289-9_2
Kechagias, E. P., Chatzistelios, G., Papadopoulos, G. A., & Apostolou, P. (2022). Digital transformation of the maritime industry: A cybersecurity systemic approach. International Journal of Critical Infrastructure Protection, 37, 100526.https://doi.org/10.1016/j.ijcip.2022.100526
Kurniawan, K., Ekelhart, A., Kiesling, E., Quirchmayr, G., & Tjoa, AM (2022). KRYSTAL: Knowledge graph-based framework for tactical attack discovery in audit data. Computers & Security, 121, 102828.https://doi.org/10.1016/j.cose.2022.102828
Li, F., Shi, Y., Shinde, A., Ye, J., & Song, W. (2019). Enhanced Cyber-Physical Security in the Internet of Things Through Energy Auditing. IEEE Internet of Things Journal, 6(3), 5224–5231.https://doi.org/10.1109/JIOT.2019.2899492
Liu, L., Chen, C., Zhang, J., De Vel, O., & Xiang, Y. (2019). Insider Threat Identification Using the Simultaneous Neural Learning of Multi-Source Logs. IEEE Access, 7, 183162–183176.https://doi.org/10.1109/ACCESS.2019.2957055
Lois, P., Drogalas, G., Karagiorgos, A., Thrassou, A., & Vrontis, D. (2021). Internal auditing and cyber security: Audit role and procedural contribution. International Journal of Managerial and Financial Accounting, 13(1), 25.https://doi.org/10.1504/IJMFA.2021.116207
Lois, P., Drogalas, G., Karagiorgos, A., & Tsikalakis, K. (2020). Internal audits in the digital era: Opportunities risks and challenges. EuroMed Journal of Business, 15(2), 205–217.https://doi.org/10.1108/EMJB-07-2019-0097
Macak, M., Vanat, I., Merjavy, M., Jevocin, T., & Buhnova, B. (2020). Towards Process Mining Utilization in Insider Threat Detection from Audit Logs. 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS), 1–6.https://doi.org/10.1109/SNAMS52053.2020.9336573
Marín-López, A., Chica-Manjarrez, S., Arroyo, D., Almenares-Mendoza, F., & Díaz-Sánchez, D. (2020). Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain. Electronics, 9(11), 1865.https://doi.org/10.3390/electronics9111865
Milajerdi, S. M., Eshete, B., Gjomemo, R., & Venkatakrishnan, V. N. (2019). POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 1795–1812.https://doi.org/10.1145/3319535.3363217
Mondal, B., Chakraborty, D., Bhattacherjee, N. Kr., Mukherjee, P., Neogi, S., & Gupta, S. (2022). Review for Meta-Heuristic Optimization Propels Machine Learning Computations Execution on Spam Comment Area Under Digital Security Aegis Region. In E. H. Houssein, M. Abd Elaziz, D. Oliva, & L. Abualigah (Eds.), Integrating Meta-Heuristics and Machine Learning for Real-World Optimization Problems (Vol. 1038, pp. 343–361). Springer International Publishing.https://doi.org/10.1007/978-3-030-99079-4_13
Moustafa, N., Ahmed, M., & Ahmed, S. (2020). Data Analytics-Enabled Intrusion Detection: Evaluations of ToN_IoT Linux Datasets. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) , 727–735.https://doi.org/10.1109/TrustCom50675.2020.00100
Moustafa, N., Keshky, M., Debiez, E., & Janicke, H. (2020). Federated TON_IoT Windows Datasets for Evaluating AI-Based Security Applications. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) , 848–855.https://doi.org/10.1109/TrustCom50675.2020.00114
Panda, S., Woods, D. W., Laszka, A., Fielder, A., & Panaousis, E. (2019). Post-incident audits on cyber insurance discounts. Computers & Security, 87, 101593.https://doi.org/10.1016/j.cose.2019.101593
Pozdniakov, K., Alonso, E., Stankovic, V., Tam, K., & Jones, K. (2020). Smart Security Audit: Reinforcement Learning with a Deep Neural Network Approximator. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 1–8.https://doi.org/10.1109/CyberSA49311.2020.9139683
Preuveneers, D., Joosen, W., Bernal Bernabe, J., & Skarmeta, A. (2020). Distributed Security Framework for Reliable Threat Intelligence Sharing. Security and Communication Networks, 2020, 1–15.https://doi.org/10.1155/2020/8833765
Rosati, P., Gogolin, F., & Lynn, T. (2019). Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters. The International Journal of Accounting, 54(03), 1950013.https://doi.org/10.1142/S1094406019500136
Rosati, P., Gogolin, F., & Lynn, T. (2022). Cyber-Security Incidents and Audit Quality. European Accounting Review, 31(3), 701–728.https://doi.org/10.1080/09638180.2020.1856162
Russell, B. (2020). IoT Cyber Security. In F. Firouzi, K. Chakrabarty, & S. Nassif (Eds.), Intelligent Internet of Things (pp. 473–512). Springer International Publishing.https://doi.org/10.1007/978-3-030-30367-9_10
Shah, S. M., & Khan, R. A. (2020). Secondary Use of Electronic Health Records: Opportunities and Challenges. IEEE Access, 8, 136947–136965.https://doi.org/10.1109/ACCESS.2020.3011099
Sibi Chakkaravarthy, S., Sangeetha, D., Cruz, M.V., Vaidehi, V., & Raman, B. (2020). Design of Intrusion Detection Honeypot Using Social Leopard Algorithm to Detect IoT Ransomware Attacks. IEEE Access, 8, 169944–169956.https://doi.org/10.1109/ACCESS.2020.3023764
Sultana, M., Hossain, A., Laila, F., Taher, KA, & Islam, MN (2020). Towards developing a secure medical image sharing system based on zero trust principles and blockchain technology. BMC Medical Informatics and Decision Making, 20(1), 256.https://doi.org/10.1186/s12911-020-01275-y
Szczepaniuk, E. K., Szczepaniuk, H., Rokicki, T., & Klepacki, B. (2020). Information security assessment in public administration. Computers & Security, 90, 101709.https://doi.org/10.1016/j.cose.2019.101709
Tetaly, M., & Kulkarni, P. (2022). Artificial intelligence in cyber security – A threat or a solution. 030036.https://doi.org/10.1063/5.0109664
Wallis, T., & Johnson, C. (2020). Implementing the NIS Directive, driving cybersecurity improvements for Essential Services. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 1–10.https://doi.org/10.1109/CyberSA49311.2020.9139641
Yeboah-Ofori, A., & Islam, S. (2019). Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet, 11(3), 63.https://doi.org/10.3390/fi11030063
Zakaria, KN, Zainal, A., Othman, SH, & Kassim, MN (2019). Feature Extraction and Selection Method of Cyber-Attack and Threat Profiling in Cybersecurity Audit. 2019 International Conference on Cybersecurity (ICoCSec), 1–6.https://doi.org/10.1109/ICoCSec47621.2019.8970786
Zengy, J., Wang, X., Liu, J., Chen, Y., Liang, Z., Chua, T.-S., & Chua, Z. L. (2022). SHADEWATCHER: Recommendation-guided Cyber Threat Analysis using System Audit Records. 2022 IEEE Symposium on Security and Privacy (SP) , 489–506.https://doi.org/10.1109/SP46214.2022.9833669
Zhang, W., Bai, Y., & Feng, J. (2022). TIIA: A blockchain-enabled Threat Intelligence Integrity Audit scheme for IIoT. Future Generation Computer Systems, 132, 254–265.https://doi.org/10.1016/j.future.2022.02.023
Zhang, X., Zhao, J., Mu, L., Tang, Y., & Xu, C. (2019). Identity-based proxy-oriented outsourcing with public auditing in cloud-based medical cyber–physical systems. Pervasive and Mobile Computing, 56, 18–28.https://doi.org/10.1016/j.pmcj.2019.03.004
Zheng, Y., Li, Z., Xu, X., & Zhao, Q. (2022). Dynamic defenses in cyber security: Techniques, methods and challenges. Digital Communications and Networks, 8(4), 422–435.https://doi.org/10.1016/j.dcan.2021.07.006
Authors
Copyright (c) 2024 Apriyanto Apriyanto, Siti Mudawanah, Edi Sutanto, Adi Dwi Purnomo, Muhammad Wahid Murniawan
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
