 Obtaining reasonable assurance on cyber resilienceFilip Caron Managerial Auditing Journal, 2019, vol. 36, issue 2, 193-217 Abstract: Purpose - The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence. Design/methodology/approach - The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines. Findings - Cyber-testing techniques are providing insight in the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations. Originality/value - The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint. Keywords: Cyber risk; Cyber security; IT audit; Cyber assurance; Cyber resilience; Cyber security testing (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:eme:majpps:maj-11-2017-1690 Access Statistics for this article Managerial Auditing Journal is currently edited by Professor Jie Zhou More articles in Managerial Auditing Journal from Emerald Group Publishing Limited |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.