"A much-needed service for society today. I hope this book reaches information managers in the organization now vulnerable to hacks that are stealing corporate information and even holding it hostage for ransom." – Ronald W. Hull, author, poet, and former professor and university administrator A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.

The digitalization of companies is a recurrent topic of conversation for managers. Companies are forced to evolve at least as fast as their competitors. They have to review their organization, their processes, and their way of working. This also concerns auditors in terms of their audit strategy and working methods. Digitalization is the tip of the iceberg that represents the increasing reliance on information technology of the company’s information system. Companies have seen new competitors succeed with a digital approach, competitors that have opened new markets or new ways of interacting with their customers, and all business processes can be digitalized. In this new paradigm, auditors have to renew themselves too. Long gone are the days of auditors specializing in one technique, like financial auditors or IT auditors. This makes it a phenomenal opportunity for auditing to renew itself, embracing the vision of the company’s information system: long live the information system auditors! This book proposes you to go step by step from a common understanding of our history of auditing to gradually defining and justifying the impacts of digitalization on the audit strategy and the preparation of audits.

Auditing at the speed of risk requires internal auditors to rethink the way we work. Agile auditing provides a path forward that blends the best elements from agile project management and internal audit best practices. Leaders in internal audit are ready to incorporate an agile audit mindset in their departments, but most of the available resources provide theoretical ideas. Even when outside consultants lead an agile transition, the consultants primarily focus on adding agile ceremonies without addressing the fundamental mindset change required for an agile audit transformation. This book provides a practical guide for audit leaders to follow as a playbook for implementing agile across their department, impacting every facet of the audit lifecycle, and addressing the mental shift required for making a lasting change. Every chapter includes discussion questions to facilitate discourse or just to help you analyze your own department. Next, we look at a typical internal audit department as they attempt the transition from a traditional audit methodology to agile auditing so we can learn from their missteps and successes. The guidance in Agile Audit Transformation and Beyond includes the basics of agile auditing, practical directions for shifting each phase of the audit life cycle, common hurdles faced during the transition, and forward-looking thought leadership on expanding beyond internal audit into agile assurance.

With the continued progression of technologies such as mobile computing and the internet of things (IoT), cybersecurity has swiftly risen to a prominent field of global interest. This has led to cyberattacks and cybercrime becoming much more sophisticated to a point where cybersecurity can no longer be the exclusive responsibility of an organization’s information technology (IT) unit. Cyber warfare is becoming a national issue and causing various governments to reevaluate the current defense strategies they have in place. Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM provides emerging research exploring the practical aspects of reassessing current cybersecurity measures within organizations and international governments and improving upon them using audit and awareness training models, specifically the Cybersecurity Audit Model (CSAM) and the Cybersecurity Awareness Training Model (CATRAM). The book presents multi-case studies on the development and validation of these models and frameworks and analyzes their implementation and ability to sustain and audit national cybersecurity strategies. Featuring coverage on a broad range of topics such as forensic analysis, digital evidence, and incident management, this book is ideally designed for researchers, developers, policymakers, government officials, strategists, security professionals, educators, security analysts, auditors, and students seeking current research on developing training models within cybersecurity management and awareness.

"Ulf Mattsson leverages his decades of experience as a CTO and security expert to show how companies can achieve data compliance without sacrificing operability." Jim Ambrosini, CISSP, CRISC, Cybersecurity Consultant and Virtual CISO "Ulf Mattsson lays out not just the rationale for accountable data governance, he provides clear strategies and tactics that every business leader should know and put into practice. As individuals, citizens and employees, we should all take heart that following his sound thinking can provide us all with a better future." Richard Purcell, CEO Corporate Privacy Group and former Microsoft Chief Privacy Officer Many security experts excel at working with traditional technologies but fall apart in utilizing newer data privacy techniques to balance compliance requirements and the business utility of data. This book will help readers grow out of a siloed mentality and into an enterprise risk management approach to regulatory compliance and technical roles, including technical data privacy and security issues. The book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. These projects deal with a variety of use cases and data types. A common goal is to find the right balance between compliance, privacy requirements, and the business utility of data. This book reviews how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. It positions techniques like pseudonymization, anonymization, tokenization, homomorphic encryption, dynamic masking, and more. Topics include Trends and Evolution Best Practices, Roadmap, and Vision Zero Trust Architecture Applications, Privacy by Design, and APIs Machine Learning and Analytics Secure Multiparty Computing Blockchain and Data Lineage Hybrid Cloud, CASB, and SASE HSM, TPM, and Trusted Execution Environments Internet of Things Quantum Computing And much more!

The 21st century has been host to a number of information systems technologies in the areas of science, automotive, aviation and supply chain, among others. But perhaps one of its most disruptive is blockchain technology whose origin dates to only 2008, when an individual (or perhaps a group of individuals) using the pseudonym Satoshi Nakamoto published a white paper entitled Bitcoin: A peer-to-peer electronic cash system in an attempt to address the threat of “double- spending” in digital currency. Today, many top-notch global organizations are already using or planning to use blockchain technology as a secure, robust and cutting-edge technology to better serve customers. The list includes such well-known corporate entities as JP Morgan, Royal Bank of Canada, Bank of America, IBM and Walmart. The tamper-proof attributes of blockchain, leading to immutable sets of transaction records, represent a higher quality of evidence for internal and external auditors. Blockchain technology will impact the performance of the audit engagement due to its attributes, as the technology can seamlessly complement traditional auditing techniques. Furthermore, various fraud schemes related to financial reporting, such as the recording of fictitious revenues, could be avoided or at least greatly mitigated. Frauds related to missing, duplicated and identical invoices can also be greatly curtailed. As a result, the advent of blockchain will enable auditors to reduce substantive testing as inherent and control audit risks will be reduced thereby greatly improving an audit’s detection risk. As such, the continuing use and popularity of blockchain will mean that auditors and information systems security professionals will need to deepen their knowledge of this disruptive technology. If you are looking for a comprehensive study and reference source on blockchain technology, look no further than The Auditor’s Guide to Blockchain Technology: Architecture, Use Cases, Security and Assurance. This title is a must read for all security and assurance professionals and students looking to become more proficient at auditing this new and disruptive technology.

This book first discusses cyber security fundamentals then delves into security threats and vulnerabilities, security vigilance, and security engineering for Internet of Everything (IoE) networks. After an introduction, the first section covers the security threats and vulnerabilities or techniques to expose the networks to security attacks such as repudiation, tampering, spoofing, and elevation of privilege. The second section of the book covers vigilance or prevention techniques like intrusion detection systems, trust evaluation models, crypto, and hashing privacy solutions for IoE networks. This section also covers the security engineering for embedded and cyber-physical systems in IoE networks such as blockchain, artificial intelligence, and machine learning-based solutions to secure the networks. This book provides a clear overview in all relevant areas so readers gain a better understanding of IoE networks in terms of security threats, prevention, and other security mechanisms.

Leaders across the globe have a common challenge they cannot ignore: CHANGE. This must be embraced and effectively managed to remain relevant and successful in a dynamic operating environment. Embracing change, including technological innovations, collaboration, and timely sharing of information, is paramount to the survival and success of everyone in an ever-changing environment. In times of rapid change, organizations are often forced to adjust their strategic plans. Stakeholders usually need assistance to effectively manage the risks, unprecedented at times, and to capitalize on the opportunities that usually come with change. Change management must be effectively executed to assist in ensuring the viability of the organization. This book provides advice and guidance to assist stakeholders in navigating the challenges and demands of change. It includes insights, measures, and tools that have contributed to my success as a leader in the internal audit profession for 27 years.

Most people dread writing reports; they also dread reading reports. What they don’t realize is that the techniques that make writing more readable make it more powerful. This is especially relevant for professionals in areas such as audit, risk, compliance, and information security. This small volume provides the tools and techniques needed to improve reports. It does so through addressing crucial concepts all too often overlooked in the familiar rush to perform tasks, complete projects, and meet deadlines. These concepts – the role of culture in communication; the link between logic and language; the importance of organizing thoughts before writing; and how to achieve clarity – may seem academic or theoretical. They’re not. Unless writers understand their own thoughts, actions, and objectives, they cannot hope to communicate them at all – let alone clearly.

This book explores how digital transformation is reshaping the manner in which higher education sectors emerge, work, and evolve and how auditors should respond to this challenging and risky digital audit universe in transforming the higher education system. It serves to help professionals to understand the reality of performing the Chief Audit Executive (CAE) role in today’s evolving business economy, specifically in the higher education sector. It compares and contrasts the stated IIA standards with the challenges and realities auditors may face and provides alternative scenarios to gaining a "seat at the table." This book also provides insight into critical lessons learned when executing the CAE role relevant for digitally transforming universities. The main purpose of this study is to rethink the audit culture in the digital era and reveal the key characteristics that are open for improvement so that digitally transforming universities can be audited according to the higher education standards with a digitally supported value-added audit approach. Based on this approach, the audit culture is reassessed considering the digital university conceptual framework and business model. There are two main points to consider for the digital university work environment: traceability and auditability. In this respect, policy recommendations are made for best practices to achieve value-added digital audits in transforming universities. The book has been written from both the reality and academic perspectives of two experienced authors. Sezer is a past CAE, CEO, and long-term senior internal auditor who has worked in the internal audit role for various listed companies, financial institutions, and government entities. Erman has extensive information technology and university accreditation knowledge in the global higher education sector. This brings a blend of value-added approaches to the readers and speaks to issues about understanding and dealing with audit culture and business evolution in digitally transforming organizations along with the requirements for upholding IIA standards. Geared toward the experienced or new CAE, University Auditing in the Digital Era: Challenges and Lessons for Higher Education Professionals and CAEs can be a tool for all auditors to understand some of the challenges, issues, and potential alternative solutions when executing the role of university auditing. In addition, it can be a valuable reference for university administrators and CIOs, as well as academics and all stakeholders related to the higher education sector.