Cybersecurity Auditing

Practical guide to cybersecurity controls, systems, programs, and management

Cybersecurity Auditing is a comprehensive, field-tested guide to the full spectrum of cybersecurity auditing, enabling readers to assess, evaluate, and improve security controls across today’s complex IT environments. It covers cybersecurity operations, governance, and risk management, offering a practical auditing roadmap that spans internal systems, cloud infrastructure, application development, and vendor ecosystems.

From the fundamentals of audit planning to the nuanced challenges of assessing hybrid environments, each chapter is structured to deliver actionable insights, technical depth, and strategic relevance. Forward-looking chapters explore automation, continuous auditing, and AI integration, making the book a future-ready resource in an evolving cybersecurity landscape.

Cybersecurity Auditing discusses: - Security standards and regulations (NIST CSF/800-53, ISO 27001, SOC 2, PCI, HIPAA) and risk assessment and control design for modern systems
- Identity and access management, network and perimeter security, application and API security / CI-CD (DevSecOps), cloud and saas security, data protection (encryption, DLP, key management), and logging, monitoring, and detection
- Incident response and crisis management, vulnerability management and pen test oversight, and third-party and supply-chain security
- Audit reporting and executive communication, and annual audit planning and capability development

Whether used as a primary reference, instructional text, or professional desk guide, Cybersecurity Auditing provides the structure and depth needed to effectively elevate cybersecurity audit engagements and improve organizational assurance.