Practical guide to cybersecurity controls, systems, programs, and management

This book is a comprehensive, field-tested guide to the full spectrum of cybersecurity auditing, enabling readers to assess, evaluate, and improve security controls across today’s complex IT environments. It covers cybersecurity operations, governance, and risk management, offering a practical auditing roadmap that spans internal systems, cloud infrastructure, application development, and vendor ecosystems.

From the fundamentals of audit planning to the nuanced challenges of assessing hybrid environments, each chapter is structured to deliver actionable insights, technical depth, and strategic relevance. Forward-looking chapters explore automation, continuous auditing, and AI integration, making the book a future-ready resource in an evolving cybersecurity landscape.

Cybersecurity Auditing discusses:

• Security standards and regulations (NIST CSF/800-53, ISO 27001, SOC 2, PCI, HIPAA), risk assessment, and control design for modern systems
• Identity and access management, network and perimeter security, application and API security/CI-CD (DevSecOps)
• Incident response, crises and vulnerability management, pen test oversight, and third party and supply-chain security
• Audit reporting, executive communication, annual audit planning, and capability development

Suitable as a primary reference, instructional text, or professional desk guide, Cybersecurity Auditing provides the structure and depth needed to effectively elevate cybersecurity audit engagements and improve organizational assurance.

Jason Edwards, DM, CISSP, is an accomplished cybersecurity leader with extensive experience in the technology, finance, insurance, and energy sectors. Holding a Doctorate in Management, Information Systems, and Technology, Jason specializes in guiding large public and private companies through complex cybersecurity challenges.