Practical guide to cybersecurity controls, systems, programs, and management
This book is a comprehensive, field-tested guide to the full spectrum of cybersecurity auditing, enabling readers to assess, evaluate, and improve security controls across today's complex IT environments. It covers cybersecurity operations, governance, and risk management, offering a practical auditing roadmap that spans internal systems, cloud infrastructure, application development, and vendor ecosystems.
From the fundamentals of audit planning to the nuanced challenges of assessing hybrid environments, each chapter is structured to deliver actionable insights, technical depth, and strategic relevance. Forward-looking chapters explore automation, continuous auditing, and AI integration, making the book a future-ready resource in an evolving cybersecurity landscape.
Cybersecurity Auditing discusses:
- Security standards and regulations (NIST CSF/800-53, ISO 27001, SOC 2, PCI, HIPAA), risk assessment, and control design for modern systems
- Identity and access management, network and perimeter security, application and API security/CI-CD (DevSecOps)
- Incident response, crises and vulnerability management, pen test oversight, and third party and supply-chain security
- Audit reporting, executive communication, annual audit planning, and capability development
Suitable as a primary reference, instructional text, or professional desk guide, Cybersecurity Auditing provides the structure and depth needed to effectively elevate cybersecurity audit engagements and improve organizational assurance.
