Security testing as part of a digital assurance toolkit
Graeme Huddy
Additional contact information
Graeme Huddy: Mobius Binary, UK
Cyber Security: A Peer-Reviewed Journal, 2024, vol. 7, issue 4, 363-370
Abstract:
The role of IT audit and other digital assurance functions is to provide comfort to stakeholders regarding risks and the controls that have been implemented by management to safeguard an organisation. This paper discusses the misalignment between digital assurance activities and security testing. When performing security testing from an assurance perspective, it is common for the discussion with management to focus on the number of findings, not necessarily the impact. From a security testing perspective, a single finding could result in a business compromise, or multiple low findings could be chained together to result in a more significant business impact. Citing example findings across multiple sectors and geographic locations, the paper details what security testing results often look like, related challenges in an assurance context, the difference between security testing and other assurance activities, how to get management buy-in, and key recommendations on how best to use security testing as part of a digital assurance toolkit, with the caveat that scarce specialist skills are required.
Keywords: penetration testing; information risk management; digital assurance; IT audit; cyber security
JEL-codes: M15
Date: 2024
Downloads: (external link)
https://hstalks.com/article/8462/download/ (application/pdf)
https://hstalks.com/article/8462/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2024:v:7:i:4:p:363-370
More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.