Obtaining reasonable assurance on cyber resilience
ISSN: 0268-6902
Article publication date: 7 January 2019
Issue publication date: 12 May 2021
Abstract
Purpose
The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence.
Design/methodology/approach
The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines.
Findings
Cyber-testing techniques provide insight into the effectiveness of the actual implementation of cyber-security controls, which may deviate significantly from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations.
Originality/value
The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.
Citation
Caron, F. (2021), "Obtaining reasonable assurance on cyber resilience", Managerial Auditing Journal, Vol. 36 No. 2, pp. 193-217. https://doi.org/10.1108/MAJ-11-2017-1690
Publisher
Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited