Cybersecurity Resources for Internal Auditors
Internal audit has a growing responsibility in managing cyber risk. According to the 2025 Pulse of Internal Audit report, 78% of CAEs rank cybersecurity as a high or very high risk, yet it averages just 10% of audit coverage.
Whether you're focused on cloud vulnerabilities, third-party risks, AI and data governance, or ransomware readiness, our curated resources will help you bring cybersecurity to the forefront of your audit strategy.
Cybersecurity Topical Requirement Becomes Effective Soon
This Topical Requirement, a mandatory component of The IIA’s IPPF® that becomes effective February 6, 2026, provides a consistent, comprehensive approach to assessing the design and implementation of cybersecurity governance, risk management, and control processes. The requirements represent a minimum baseline for assessing cybersecurity. Download the companion user guide for assistance in its application.
2025 Cybersecurity Virtual Conference
This is a one-day virtual event taking place on October 16 that is designed to keep participants ahead of critical issues in data protection, privacy, and cybersecurity. The 2025 Cybersecurity Virtual Conference is a one-day conference specifically designed to ensure participants stay not only abreast, but a head of critical issues in data protection, data privacy and cybersecurity to become more responsive in their work.
Auditing the Cybersecurity Program Certificate
Be the critical barrier between a potential cyber-attack and your organization. This certificate program showcases fundamental competencies in 12 key areas that demonstrate the ability to effectively assess an organization’s cybersecurity governance, management practices, and program capabilities.
Choose your learning format:
- Instructor-Led Certificate Program – Learn with expert facilitators and peers in a guided, interactive format.
- OnDemand Certificate Program – Study at your own pace with flexible, 24/7 access.
Don’t hide from cyber risk, seek the resources and find the solutions.
Certificate Programs
Instructor-Led Training
- Auditing the Data Privacy Policy
- Fundamentals of Cybersecurity Auditing
- Fundamentals of IT Auditing
- Intermediate IT Auditing
On Demand
- Assessing Cybersecurity Risk: The Three Lines Model
- Auditing the Data Privacy Policy
- Ethical Scenarios for Technology
- Foundations of Internal Auditing in Financial Services Firms
- Logical Security: Application, Database, and Operating System Layers
- Logical Security: The Network Layer
- Understanding Insider Threats (Nano Course)
Webinars
Podcasts
- Getting Started With: Auditing Cybersecurity
- All Things Internal Audit Tech: Cybersecurity Challenges and AI Solutions
- All Things Internal Audit Tech: Risk and Cyber Opportunities With AI
- All Things Internal Audit Tech: The IIA’s New Cybersecurity Topical Requirement
Publications
Topical Requirements
Global Guidance
- Auditing Cybersecurity Operations: Prevention and Detection
- Auditing Cyber Incident Response and Recovery
- Auditing Identity and Access Management
- Auditing Mobile Computing
- Auditing Computing Infrastructure and IT Operations
- Assessing Cybersecurity Risk: The Three Lines Model
- IT Essentials for Internal Auditors
- Auditing Network and Communications Management
- Auditing Business Applications
- Understanding and Auditing Big Data
- Additional Guidance
Thought Leadership
- Global Perspectives and Insights: Cybersecurity
- Tone at the Top: The Boards Role in Cyber Resilience
Latest Research from the Internal Audit Foundation
- Natural Allies: Nurturing Cyber Resilient Cultures Through Internal Audit and Information Security Collaboration
- From AI to Cyber-Deconstructing a Complex Technology Risk Landscape
- Demystifying AI: Internal Audit Use Cases for Applying New Technology
- Solving the riddle: Harnessing Generative AI for internal audit activities
- Privacy and Data Protection: Part 3
- Additional Resources
Internal Auditor Magazine
