Provide feedback on this document
View News Release
Visit the Audit Tools and Techniques Knowledge Center community
Visit the Cybersecurity Knowledge Center community
Objective—To provide management with an assessment of the effectiveness of cybersecurity identify, and protect, detect, respond and recover processes and activities. The audit program is based on the NIST Cybersecurity Framework and covers sub-processes such as asset management, awareness training, data security, resource planning, recover planning and communications.
IT audit and assurance professionals are invited to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. You may modify the document, but it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work, and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.