The Institute of Internal Auditors. (2021). Assessing cybersecurity risk.
Retrieved from https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/cybersecurity/gtag-assessing-cybersecurity-risk.pdf
Read Appendix D. Internal Audit Considerations for Cybersecurity Risk
The following components, organized by activities described in this guide, function together to address cybersecurity risk. Also included are considerations to monitor operating effectiveness that can be applied on a global scale.
Torkura, K. A., Sukmana, M. I. H., Strauss, T., Graupner, H., Cheng, F., & Meinel, C. (2018, November). CSBAuditor: Proactive security risk analysis for cloud storage broker systems. 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), 1–10. https://doi.org/10.1109/NCA.2018.8548329
In this journal article, the authors propose CSBAuditor, a novel cloud security system that continuously audits CSB resources to detect malicious activities and unauthorized changes (e.g., bucket policy misconfigurations) and remediates these anomalies. The cloud state is maintained via a continuous snapshotting mechanism, thereby ensuring fault tolerance.
Hampton, C., Sutton, S. G., Arnold, V., & Khazanchi, D. (2021). Cyber supply chain risk management: toward an understanding of the antecedents to demand for assurance. Journal of Information Systems, 35(2), 37–60.
Recognizing the need for effective cyber risk management processes across the supply chain, the AICPA issued a new SOC in March 2020 for assuring cyber supply chain risk management (C-SCRM) processes. This study examines supply chain relationship factors and cyber risk issues to better understand the demand for C-SCRM assurance. Resource-Advantage Theory of Competition provides the conceptual foundation for assessing the dual drivers of relationship building and cyber risk management on demand for assurance.
Haber, E., & Reichman, A. (2020). The user, the superuser, and the regulator: functional separation of powers and the plurality of the state in cyber. Berkeley Technology Law Journal, 35(2), 431–500. https://doi.org/10.15779/Z38V40K05C
Regulating cyber is complex, and the role the state plays in this domain has thus far eluded systemic analysis. This article addresses this gap by offering a working definition of "cyber" and proceeds to unearth the polycentric roles and functions performed by various state entities in relation to digital-to-digital defense, offense, and surveillance. More specifically, the article details the institutional matrix within which the state operates in cyber and then sheds an innovative light on the potential tensions between the state in its capacity as a user, a "superuser," and a regulator.
Sookhak, M., Yu, F. R., & Zomaya, A. Y. (2018). Auditing big data storage in cloud computing using divide and conquer tables. IEEE Transactions on Parallel & Distributed Systems, 29(5), 999–1012. https://doi.org/10.1109/TPDS.2017.2784423
This paper discusses the issues facing establishments that produce huge volumes of sensitive data and leverage data outsourcing to reduce the burden of local data storage and maintenance. In this journal article, the authors present an efficient RDC method based on the algebraic properties of the outsourced files in cloud computing, which incurs the least computation and communication cost.