Scientist discovers significant knowledg ...

Scientist discovers significant knowledge gap in Big Four IT Auditor's theoretical knowled

Jul 27, 2022

Our international study discovered a significant knowledge gap in Big Four IT Auditor's theoretical knowledge and practical skill! (Deloitte, KPMG, EY, PwC, and more)

We discovered that the IT auditor's lack of hands-on skill in information technology influences data breach likelihood and technical evidence interpretation for critical infrastructure (power, water, communication, and banking)

๐“๐ก๐ž๐ฌ๐ž ๐ซ๐ž๐ฌ๐ฎ๐ฅ๐ญ๐ฌ ๐š๐ซ๐ž ๐ ๐ž๐ง๐ž๐ซ๐š๐ฅ๐ข๐ณ๐ž๐ ๐ญ๐จ ๐Ÿ๐Ÿ“๐Ÿ,๐ŸŽ๐ŸŽ๐ŸŽ ๐ˆ๐“ ๐š๐ฎ๐๐ข๐ญ๐จ๐ซ๐ฌ ๐ข๐ง ๐จ๐ฎ๐ซ ๐ข๐ง๐๐ฎ๐ฌ๐ญ๐ซ๐ฒ.

For instance, this assessment expounded on common concepts like least privilege and separation of duties via task-based activities. This strategy required the respondent to test their knowledge against specific technologies like Microsoft Server, Amazon Web Services (AWS), Palo Alto firewalls, Kubernetes containers, and Microsoft Azure.

Unfortunately, as IT auditors, we had inadequate levels of procedural knowledge. IT auditors had an average procedural knowledge score of 19.35 (Level 2 โ€“ Assist). See grading scale on page 465 (Note: Level 3 is average proficiency)

These findings suggest that the current education models in IT certification exams, college curricula, certification boot camps, and training seminars do not provide task-based skills to help implementers and assessors improve their procedural knowledge (demonstrable skills) and identify controls that reduce data breach likelihood. See SME and IT Auditor SFIA Procedural Knowledge Scores figure on pages 455 and 465.

However, I'm optimistic about our future. ๐Ÿ˜ In Chapter 5 (18 pages), I detail strategies on how we can improve our technical competency and create the next generation of cybersecurity auditors and cybersecurity professionals. Particularly by adopting National Initiative for Cybersecurity Education (NICE) and SFIA Foundation

Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditorsโ€™ Competency, Audit Quality, & Data Breaches - ProQuest

Enjoy this post?

Buy Dr. Blake Curtis, Sc.D a coffee

More from Dr. Blake Curtis, Sc.D