GTAG: Auditing Cyber Incident Response and Recovery, 2nd Edition
October 29, 2024
Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.
Cyberattacks have grown dramatically over time with increasing severity, and cybersecurity risks consistently rank among organizations’ most significant concerns.
This GTAG, updated to align with the Global Internal Audit Standards, covers risks and controls that correspond to the NIST CSF “respond” and “recover” functions and gives an overview of the relevant risks and controls to help an internal audit function plan and scope audit engagements. The guide’s references to external control frameworks can help internal auditors develop insightful testing approaches.
This guidance supersedes the previous edition published in 2022.