Cybersecurity: Based on the NIST Cybersecurity Framework 


download now
Free to members only.
Non-members Join today to get your free copy, or purchase the file for US $45.

  Provide feedback on this document
  View News Release
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community
Knowledge Center  Visit the Cybersecurity Knowledge Center community

Objective—To provide management with an assessment of the effectiveness of cybersecurity identify, and protect, detect, respond and recover processes and activities. The audit program is based on the NIST Cybersecurity Framework and covers sub-processes such as asset management, awareness training, data security, resource planning, recover planning and communications.

IT audit and assurance professionals are invited to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. You may modify the document, but it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work, and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.