GTAG: Auditing Cybersecurity Operations: Prevention and Detection, 2nd Edition
February 12, 2025
Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.
This GTAG, aligned with the Global Internal Audit StandardsTM, helps practitioners gain a better understanding of high-level cybersecurity control objectives, allowing them to maximize the value they provide to organizations and stakeholders during audit engagements.
The guide directs practitioners to widely used control frameworks to help identify components of cybersecurity operations, including contributions to system planning and development, as well as controls to prevent or detect cyber incidents.
This guidance supersedes the previous edition published in 2022.