Management, compliance & auditing

Top 6 cybersecurity books for IT auditors

Introduction

Like many other information security professionals, you probably have a library of books on the topic of your career choice. Not only that, but like many others, yours is probably not as complete as you would like. 

This article will detail the top six books that IT auditors need to have in their libraries. We will explore what the book is about, a little about the author and other information that will help you decide whether to add these books to your library.

1. “Auditor’s Guide to IT Auditing” by Richard E. Cascarino

This book belongs in every IT auditor’s personal library as it is perhaps one of the most on-point and practical books written on the subject of IT auditing today. Author Richard E. Cascarino holds a CISM certification, is a member of ISACA and helped spearhead auditing into South Africa. 

This book intends to be a sort of lens into different techniques of IT auditing for effectiveness and efficiency. It is filled with real-world case studies which present the reader with a workable implementation of the principles and techniques contained within. 

Having been described as a “reality check” for every IT auditor, this book will help IT auditors ensure they are examining the right issues with the right amount of focus. This second edition features an increased focus on the cloud, which many may find both relevant and helpful.

2. “IT Audit, Control, and Security” by Robert R. Moeller

Coming in at a close second, this book examines the nexus between IT auditing, controls and security. Author Robert R. Moeller is the founder of an internal audit consulting firm (Compliance and Control Systems Associates), the former chair of AICPA’s Computer Audit Subcommittee and former National Director of Computer Auditing with Grant Thornton. 

This book really brings home the bacon in terms of coverage: it packs a whopping 31 chapters covering everything from building effective IT internal audit functions to a full rundown of certifications that IT auditors will want under their belts. “IT Audit, Control, and Security” is a must-have for your library.

3. “Human-Computer Interaction and Cybersecurity Handbook” edited by Abbas Moallem

While this book may not directly cover IT auditing, it presents a solid view of how human-computer interaction impacts cybersecurity which underpins IT auditing. Don’t let the fact that is an ebook dissuade you from its usefulness: it covers a broad swath of cybersecurity topics, from the expected ones such as user authentication and biometrics to more unexpected ones including social engineering and smart cities under attack. 

Its chapters are written by different contributors including Francisco Corella, Mara Papadaki and Mark Schertler. Its editor, Abbas Moallem, is a professor at San Jose State University and is the author of “Cybersecurity Awareness Among Students and Faculty.” 

4. “Implementing Cybersecurity” by Anne Kohnke, Ken Sigler and Dan Shoemaker

If the saying “nothing in life is guaranteed except death and taxes” is a true statement, then “nothing in cybersecurity is guaranteed except controls and risk” is equally true. What distinguishes this book from the others on the list is that it offers an in-depth view at two of the most vital aspects of cybersecurity: controls and risk management. 

Some of the insights this book contains include a survey of existing risk management frameworks; selecting, assessing and implementing controls; and practical applications for the NIST Risk Management Framework. Its author, Anne Kohnke, is a Ph.D. and associate professor of cybersecurity and information systems at University of Detroit Mercy.

5. “Cyber Security and Privacy Control” by Robert R. Moeller

This ebook looks at IT auditing and privacy control from two different angles. First, it presents many of the cybersecurity concerns with regard to privacy that IT auditors should consider in the course of their audits. The second angle looks at internal procedures for IT auditing with a focus on privacy and security protection controls. 

For those looking for a more overlooked part of IT auditing, namely privacy concerns, this book will fill those knowledge gaps and make you a better IT auditor.

6. “Information Technology Control and Audit” by Angel R. Otero

No professional library would be complete without an all-encompassing reference that gives you a solid overview of the proverbial battlefield. This book provides a comprehensive overview of the IT landscape through the lens of IT auditing. This means everything from the nature of IT auditing to the COBIT framework and IT audit involvement in IT outsourcing. If you know a budding young IT auditor who is still getting their feet wet in the field, or even a seasoned veteran, this would be a phenomenal addition to their library. 

Author Dr. Angel R. Otero is a Ph.D., CISA and CRISC, and is a member of ISACA with 20 years of experience in information systems auditing.

Conclusion

There is almost an inherent comfort in knowing that books are still relevant in this digital age. Most professionals have some semblance of a library, and that library is never complete. For IT auditors looking to beef up their libraries, the six cybersecurity books listed above will provide an influx of knowledge and insight.

 

Sources

1. Robert R. Moeller, "IT Audit, Control, and Security 2nd Edition," Wiley, 2010
2. Abbas Moallem, "Human-Computer Interaction and Cybersecurity Handbook," CRC Press, 2018
3. Angel R. Otero, "Information Technology Control and Audit, Fifth Edition," CRC Press, 2018
4. Richard E. Cascarino, "Auditor's Guide to IT Auditing, + Software Demo 2nd Edition," Wiley, 2012