Auditor
External and internal auditors, particularly technology auditors evaluating various aspects of cybersecurity e.g. in support of financial audits, process reviews, supplier security checks, audits of cloud services, systems, networks, applications etc., software development project audits, safety audits ... Also general auditors needing an appreciation of the cybersecurity aspects of their assignments, either working with specialist colleagues or conducting their own checks, plus audit managers and supervisors planning, overseeing and reporting audit activities.
The book has value for:
Learning the lingo ranging from general concepts such as governance, risk, control and statistics to deep-dive technical security aspects such as cryptography and virtual systems.
Appreciating the connections between various elements, including peripheral risks and controls potentially worth exploring.
Scoping and planning audits, preparing checklists, audit tests, sampling and more.
Conducting audits, gathering evidence, assessing and evaluating it, considering pertinent aspects and drawing out reportable issues.
Documenting the work, from rough notes and working papers to audit reports, management and executive summaries, and presentations.
Using the appropriate terminology to describe findings, concerns, options and recommendations - blending technology with business language.
Exploring, understanding, challenging, arguing and defending points with colleagues, auditees, management and other stakeholders.