From Big Data to Ethical Standards: Redefining Security Auditing for a Digital Age


In the next three to five years the security auditing landscape will see a shift in perspective to adapt to stakeholder expectations and business needs. Security audits will likely strive to adopt a continuous, agile approach to auditing. Big Data and Machine Learning introduce new technologies and automation techniques to speed up data collection and review. Regulatory changes in major markets regarding data privacy and technological advancements will require a continuous approach to auditing to reduce risk and liability for stakeholders. In the wave of Covid-19 Ethical Standards and Privacy Policies will likely significantly alter the security auditing landscape as Americans demand a fundamental right to privacy and business owners seek data integrity. In addition to financial audits, stakeholders will need comprehensive reviews that include cybersecurity assessments and data governance (CAQ, 2020). To appease stakeholder needs, auditing will need to be more adaptive, proactive, and technology-driven, and long-term positions in organizations seeking to decrease risk will open up to corporations that desire continuous auditing and privacy from cybersecurity professionals familiar with their systems (AICPA & CIMA, 2023). 

My desire to integrate cybersecurity and compliance auditing into my software development background began with a desire to collaborate among professionals sharing an identifiable, agreed-upon ethical set of standards. While I am passionate about developing software, a constantly evolving threat landscape opens doors to stable corporate positions that provide job stability. As more and more tech positions become unstable, two-year contracts, I believe more and more professionals will integrate cybersecurity into their careers. Based on my courses at Maryville, I am looking forward to an increasing demand for professionals who can bridge the gap between technical cybersecurity measures and strategic risk management. Moving forward, the auditor’s professional requirements and audit standards will continue to trickle down into the corporate structure. As companies begin to integrate security training into their training modules, ethical standards will rise to new stakeholder expectations (Parikka, 2023). Directives would include auditing strategies for additional corporate spaces to promote a holistic approach to cybersecurity. By encouraging an environment where innovative ideas and risk management strategies are actively discussed corporations uplift company culture and remain resilient against costly threats to stakeholders.

As the security auditing landscape continues to evolve, embracing these changes will not only require adapting to new technologies and methods for success but also a fundamental shift in company culture and higher education. Stakeholders across all levels must remain proactive, ensuring that ethical standards and privacy concerns are at the forefront of this growing phase. This shift is not just about compliance. It's about securing trust in an era where data breaches are both common and costly. By doing so, we can safeguard the integrity of our data, strengthen our market position, and build consumer trust.

Resources

AICPA & CIMA. (2023). Embracing a digital, technology-driven mindset for audits. https://www.aicpa-cima.com/news/article/embracing-a-digital-technology-driven-mindset-for-auditsLinks to an external site.

Center for Audit Quality (CAQ). (2020). The Role of Auditors in Company-Prepared Cybersecurity Information: Present and Future. https://www.thecaq.org/the-role-of-auditors-in-company-prepared-cybersecurity-information-present-and-futureLinks to an external site.

Parikka, K. (2023). The Role of Employee Training in Security Audits: Building a Strong Human Firewall. https://blog.falcony.io/en/the-role-of-employee-training-in-security-auditsLinks to an external site.

Comments

Post a Comment

Popular posts from this blog

SalonAboutBeauty: Less Integration for Consistent Styling Across Components

Ensuring Consistent Variables Less provides several advantages for organizing CSS to ensure consistency across a website. The variables.less file defines reusable properties that allow a developer to easily communicate and maintain styles according to a style guide or theme.  The Less Web Development Cookbook describes properties in the variables.less file in relation to other programming languages: “Variables in Less are defined as the equivalent to statics in other programming languages. You assign a value to a variable once and use it everywhere in your code” (Meyghani & Jobsen, 2015, p. 50). It suggests that less allows a developer to set properties, such as colors and length, to variable names that retain their meaning and can be used everywhere in the code. Examples: @base-color: red, @primary: green.  By providing these definitions in a central location, developers create code consistency in all areas of the website. Creating an Organized File St...
Read more

Why “Human Error” Is Usually a System Design Problem

In complex systems, failure rarely comes from a single bad decision. It comes from problems that evolve slowly, cross boundaries, and remain unresolved while everyone involved behaves reasonably. Managing risk in these environments means managing trajectories, not just incidents. When ownership is divided strictly by role, function, or severity threshold, gaps are inevitable. Those gaps are where issues linger, age, and quietly accumulate risk, not because they were ignored, but because no one was responsible for carrying them forward end to end. This is common in healthcare, where delay is often necessary. A patient may require observation, referrals, or time to clarify diagnosis. The failure is not that care takes time; it is that the trajectory of care becomes fragmented. Each clinician escalates correctly within scope, yet no one owns the evolving picture across visits, domains, and decisions. The patient is evaluated repeatedly, reassured locally, and sent away without continuity ...
Read more

Challenges in Prosecuting Deep Web and Darknet Crimes: The Case of Ross Ulbricht and the Silk Road

  The deep web represents online information that is not easily accessible through search engines. Prosecuting crimes on the deep web is no more challenging than prosecuting crimes for any standard website because law enforcement can still track the user's location through a domain or IP address. Alternately, the darknet poses a challenge for law enforcement to address illicit activity because while the darknet is a web-based system, it is accessible only through the Tor protocol that encapsulates HTTP and HTTPS traffic, much like a VPN that hides a user’s location and identity. The Tor protocol, often called the Onion Router, contains methods for encrypting and routing traffic between peers. The purpose of the Tor protocol is to make web browsing anonymous by routing each request through multiple peers and altering encryption at various steps until the request reaches its destination. Subsequent requests may hop through different peers, making traffic appear random, unpredictable,...
Read more