{"id":"https://openalex.org/W4399729066","doi":"https://doi.org/10.1109/syscon61195.2024.10553588","title":"Planning and Conducting Cybersecurity Audits to Assess the Effectiveness of Controls","display_name":"Planning and Conducting Cybersecurity Audits to Assess the Effectiveness of Controls","publication_year":2024,"publication_date":"2024-04-15","ids":{"openalex":"https://openalex.org/W4399729066","doi":"https://doi.org/10.1109/syscon61195.2024.10553588"},"language":"en","primary_location":{"id":"doi:10.1109/syscon61195.2024.10553588","is_oa":false,"landing_page_url":"https://doi.org/10.1109/syscon61195.2024.10553588","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Systems Conference (SysCon)","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041071341","display_name":"R\u00e9gner Sabill\u00f3n","orcid":"https://orcid.org/0000-0003-1807-2208"},"institutions":[{"id":"https://openalex.org/I4210116615","display_name":"Universidad Internacional De La Rioja","ror":"https://ror.org/029gnnp81","country_code":"ES","type":"education","lineage":["https://openalex.org/I4210116615"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Regner Sabillon","raw_affiliation_strings":["Universidad Internacional de La Rioja (UNIR),Logro&#x00F1;o,Spain"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Universidad Internacional de La Rioja (UNIR),Logro&#x00F1;o,Spain","institution_ids":["https://openalex.org/I4210116615"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049898363","display_name":"Michael Barr","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael Barr","raw_affiliation_strings":["University of Bath,Saskatoon,Canada","University of Bath, Saskatoon, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Bath,Saskatoon,Canada","institution_ids":[]},{"raw_affiliation_string":"University of Bath, Saskatoon, Canada","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9702000021934509,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9702000021934509,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.7758082151412964},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6104276180267334},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5076769590377808},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.37312692403793335},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3018457889556885},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.23127973079681396}],"concepts":[{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.7758082151412964},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6104276180267334},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5076769590377808},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.37312692403793335},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3018457889556885},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.23127973079681396}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/syscon61195.2024.10553588","is_oa":false,"landing_page_url":"https://doi.org/10.1109/syscon61195.2024.10553588","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Systems Conference (SysCon)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W2794499744","https://openalex.org/W2795199263","https://openalex.org/W2963828417","https://openalex.org/W3200179876","https://openalex.org/W3201267031","https://openalex.org/W4247584314","https://openalex.org/W4256318103","https://openalex.org/W4362496681","https://openalex.org/W6802001644"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"This":[0],"article":[1],"reports":[2],"the":[3,11,14,43,64,76,86,95,102,124,151,201,204],"findings":[4],"of":[5,13,69,75,91,104,126,203],"an":[6],"empirical":[7],"study":[8,196],"that":[9,62,72,200],"assessed":[10],"effectiveness":[12],"CyberSecurity":[15],"Audit":[16],"Model":[17],"(CSAM":[18],"2.0)":[19],"in":[20,35,94,115,129,142,150,160],"a":[21,59,147,187],"different":[22],"Canadian":[23],"higher":[24],"education":[25],"institution.":[26],"CSAM":[27,56,127,134,205],"2.0":[28,57,128,135,206],"is":[29,58],"used":[30],"to":[31,37,46,80,216],"conduct":[32],"cybersecurity":[33,50,78,96,110,117,152,189,218,223],"audits":[34,111,159],"medium":[36],"large":[38],"organizations":[39,215],"or":[40],"even":[41],"at":[42],"national":[44],"level":[45],"assess":[47],"and":[48,53,66,89,98,112,140,166,169,174,182,185,220,225],"measure":[49],"assurance,":[51],"maturity,":[52],"cyber":[54,171,178],"readiness.":[55],"mature":[60],"model":[61,193,207],"enables":[63],"effective":[65],"comprehensive":[67,109,188],"assessment":[68],"security":[70],"controls":[71],"are":[73],"part":[74],"selected":[77],"domains":[79,162,224],"be":[81],"audited.":[82],"The":[83,121,195],"authors":[84],"examined":[85],"best":[87],"practices":[88],"methodologies":[90],"global":[92],"leaders":[93],"assurance":[97],"audit":[99,149,190],"field,":[100],"highlighting":[101],"absence":[103],"standardized":[105],"guidelines":[106],"for":[107,211],"conducting":[108],"identifying":[113],"weaknesses":[114,219],"general":[116],"awareness":[118,156],"training":[119],"programs.":[120],"paper":[122],"outlines":[123],"structure":[125],"detail,":[130],"including":[131],"its":[132],"architecture.":[133],"has":[136],"undergone":[137],"testing,":[138],"implementation,":[139],"validation":[141,202],"three":[143],"research":[144],"scenarios:":[145],"(1)":[146],"single":[148],"domain":[153],"focused":[154],"on":[155],"education,":[157],"(2)":[158],"various":[161],"such":[163],"as":[164],"governance":[165],"strategy,":[167],"legal":[168],"compliance,":[170],"risks,":[172],"frameworks":[173],"regulations,":[175],"incident":[176],"management,":[177],"insurance,":[179],"cloud":[180],"security,":[181],"evolving":[183],"technologies,":[184],"(3)":[186],"covering":[191],"all":[192],"domains.":[194],"concludes":[197],"by":[198],"demonstrating":[199],"provides":[208],"valuable":[209],"insights":[210],"future":[212],"decision-making,":[213],"enabling":[214],"address":[217],"enhance":[221],"their":[222],"controls.":[226]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-07-15T18:14:33.161393","created_date":"2025-10-10T00:00:00"}
