journal header

Volume 1, 2020

This Week's Online-Exclusive Feature

Healthy Network Testing to Identify APTs
8 January 2020
Timothy Neuman, CISA, CIA

Advanced persistent threats (APTs) were utilized to breach financial information, costing millions of US dollars during the recent Facebook, Capital One, Google Plus and Uber breaches. APTs are so named because of their ability to hide in the backups and system memories and, therefore, survive the typical policies and procedures used to discover and destroy viruses, phishing attempts and other invasive malware. However, the analytical skills developed by internal auditors and the expert knowledge of network administrators can be combined to test for APTs effectively.

APTs are cybersecurity threats designed to hide inside, but not disrupt, the host network and relay information back to their creators. Unlike phishing, APTs are highly sophisticated and subtle, capable of acquiring not only discrete data, but also penetrating proprietary and copyrighted software; the successful creation of APTs requires extensive knowledge of cybersecurity protocols, procedures and routines. Read More >>

Indicates Online-Exclusive Content



This Week's Featured Blog

Using AI as a Defensive Tool
13 January 2020

In a previous Journal article, I wrote about artificial intelligence (AI) and talked about the massive amount of digital data that are being accumulated, how new digitally oriented technology is affecting us, the sources of online data (e.g., personal, private), how data are used and how a career in AI can be useful to those interested in developing the skills to use AI. Read More >>

Indicates Online-Exclusive Content



What's New for Nonmembers

IS Audit Basics Articles

The Components of the IT Audit Report

Auditing Software Licenses

Providing Audit Committee Guidance

Lessons From History

Developing the IT Audit Plan Using COBIT 2019

Auditing Cybersecurity


Full Journal Issues

Volume 1, 2019 Competing Interests of Privacy and Security

Volume 6, 2018 Future-Proofing Your Career

Volume 5, 2018 Digital Transformation

Volume 4, 2018 Economics of Technology

Volume 3, 2018 The Smart Transformation

Volume 2, 2018 Innovation Governance

Sponsored Feature Articles

Fluid Security

Why Security Product Investments Are Not Working

Why Attackers Are Turning Their Attention Toward ERP Applications

Innovating Internal Audit to Unlock Value

Centralized, Model-Driven Visibility Key to IT-OT Security Management

The AICPA’s New Cybersecurity Attestation Reporting Framework Will Benefit a Variety of Key Stakeholders