Effectiveness of cybersecurity audit

IF 4.1 3区 管理学 Q2 BUSINESS International Journal of Accounting Information Systems Pub Date : 2022-03-01 DOI:10.1016/j.accinf.2021.100548
Sergeja Slapničar , Tina Vuko , Marko Čular , Matej Drašček
{"title":"Effectiveness of cybersecurity audit","authors":"Sergeja Slapničar ,&nbsp;Tina Vuko ,&nbsp;Marko Čular ,&nbsp;Matej Drašček","doi":"10.1016/j.accinf.2021.100548","DOIUrl":null,"url":null,"abstract":"<div><p>The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"44 ","pages":"Article 100548"},"PeriodicalIF":4.1000,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1467089521000506/pdfft?md5=b050c70f3813a42adea55305d2842ca4&pid=1-s2.0-S1467089521000506-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Accounting Information Systems","FirstCategoryId":"91","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1467089521000506","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"BUSINESS","Score":null,"Total":0}
引用次数: 0

Abstract

The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
网络安全审计的有效性
本文的目的是分析网络安全内部审计的有效性。为了解决这个问题,我们开发了一个由规划、执行和报告三个维度组成的网络安全审计指数。我们假设网络安全审计有效性与网络风险管理成熟度呈正相关,与网络攻击成功的概率呈负相关。我们通过对来自不同国家和行业的审计师和首席审计执行官的调查来验证我们的假设。我们发现,网络安全审计指数得分差异显著,在0到100的范围内,平均值为58。虽然计划和执行阶段存在强烈的正相关关系,但它们与向董事会报告网络风险管理有效性的相关性较弱。正如预测的那样,网络安全审计指数与成熟度呈正相关,但与预期相反,它与网络攻击成功的概率无关。这是第一篇全面衡量网络安全审计有效性及其对网络风险管理影响的论文。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
9.00
自引率
6.50%
发文量
23
期刊介绍: The International Journal of Accounting Information Systems will publish thoughtful, well developed articles that examine the rapidly evolving relationship between accounting and information technology. Articles may range from empirical to analytical, from practice-based to the development of new techniques, but must be related to problems facing the integration of accounting and information technology. The journal will address (but will not limit itself to) the following specific issues: control and auditability of information systems; management of information technology; artificial intelligence research in accounting; development issues in accounting and information systems; human factors issues related to information technology; development of theories related to information technology; methodological issues in information technology research; information systems validation; human–computer interaction research in accounting information systems. The journal welcomes and encourages articles from both practitioners and academicians.
期刊最新文献
Bridging the gap in talent: A framework for interdisciplinary research on autism spectrum disorder persons in accounting and information systems A scoping review of ChatGPT research in accounting and finance Digital transformation voluntary disclosure: Insights from leading European companies Understanding cybersecurity breach contagion effects: The role of the loss heuristic and internal controls Internal control risk disclosure, media coverage and stock price crash risk: Evidence from China
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1