GTAG: Auditing Cybersecurity Operations: Prevention and Detection, 2nd Edition
February 12, 2025
Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.
This GTAG, aligned with the Global Internal Audit StandardsTM, helps practitioners gain a better understanding of high-level cybersecurity control objectives, allowing them to maximize the value they provide to organizations and stakeholders during audit engagements.
The guide directs practitioners to widely used control frameworks to help identify components of cybersecurity operations, including contributions to system planning and development, as well as controls to prevent or detect cyber incidents.
This guidance supersedes the previous edition published in 2022.