SciELO - Scientific Electronic Library Online

vol.9 issue1Indoors positioning with Android, Bluetooth and RSSIAttacking an ERP with Open Source Software author indexsubject indexarticles search
Home Pagealphabetic serial listing  

Services on Demand




Related links

  • Have no similar articlesSimilars in SciELO


Enfoque UTE

On-line version ISSN 1390-6542Print version ISSN 1390-9363


SABILLON, Regner. A Practical Model to Perform Comprehensive Cybersecurity Audits. Enfoque UTE [online]. 2018, vol.9, n.1, pp.127-137. ISSN 1390-6542.

These days organizations are continually facing being targets of cyberattacks and cyberthreats; the sophistication and complexity of modern cyberattacks and the modus operandi of cybercriminals including Techniques, Tactics and Procedures (TTP) keep growing at unprecedented rates. Cybercriminals are always adopting new strategies to plan and launch cyberattacks based on existing cybersecurity vulnerabilities and exploiting end users by using social engineering techniques. Cybersecurity audits are extremely important to verify that information security controls are in place and to detect weaknesses of inexistent cybersecurity or obsolete controls. This article presents an innovative and comprehensive cybersecurity audit model. The CyberSecurity Audit Model (CSAM) can be implemented to perform internal or external cybersecurity audits. This model can be used to perform single cybersecurity audits or can be part of any corporate audit program to improve cybersecurity controls. Any information security or cybersecurity audit team has either the options to perform a full audit for all cybersecurity domains or by selecting specific domains to audit certain areas that need control verification and hardening. The CSAM has 18 domains; Domain 1 is specific for Nation States and Domains 2-18 can be implemented at any organization. The organization can be any small, medium or large enterprise, the model is also applicable to any Non-Profit Organization (NPO).

Keywords : cybersecurity; cybersecurity audit; cybersecurity audit model; cybersecurity assurance; cybersecurity controls..

        · abstract in Spanish     · text in English     · English ( pdf )