See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327369940

Cybersecurity Tools for IS Auditing

Conference Paper · October 2018

DOI: 10.1109/ES.2018.00040

CITATION READS
1 2,916

4 authors, including:

Osamah Almatari Iman M. A. Helal

Cairo University Cairo University
4 PUBLICATIONS   1 CITATION    13 PUBLICATIONS   36 CITATIONS   

SEE PROFILE SEE PROFILE

Sherif Mazen
Cairo University
33 PUBLICATIONS   43 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Software Project Management View project

Correlating Unlabeled Events from Unmanaged Process Execution View project

All content following this page was uploaded by Sherif Mazen on 25 February 2019.

The user has requested enhancement of the downloaded file.

 Cybersecurity Tools for IS Auditing
Osamah M. Al-Matari Iman M. A. Helal
Dept. of Information Systems Dept. of Information Systems
FCI, Cairo University FCI, Cairo University
Giza, Egypt
Email: osamahalmatari@gmail.com Email: i.helal@fci-cu.edu.eg
Sherif Elhennawy
Information Systems Auditing Consultant
Email: selhenawy@gmail.com
Abstract—In a time of growing threats and advancing circum-
stances, receiving and keeping up a strong cybersecurity profile in
the enterprises are crucial. Important data and resources must be
protected. Nowadays, cybersecurity became a predominant issue
facing most organizations. It is recognized by organizations as
an enterprise-wide issue requiring protection and detection from
possible and malicious attacks to protect enterprise information
assets. Hence, enterprises are obligated to use multiple tools
for covering most of the cybersecurity aspects through different
operations and for supporting different levels of users.
Information systems auditing is becoming more difficult due to
the rapidly developing technological threats. Hence, having these
audits and reviews performed by independent functions increase
the likelihood of detecting control weaknesses and provides
further checks. These control issues are typically not due to the
failure of the technology. However, they are mostly the result of
individuals not executing the process, or using a process that is
poorly defended.
The main purpose of this research is to make a comparative
study of the capabilities of most of the available automated
cybersecurity auditing tools for frontend cloud computing. The
results of this comparative study lead to knowing how to secure
the enterprise’s assets by using automated tools and techniques.
Also, it uses clear steps to gather the information to provide the
evidence required in the final report of IS auditing.
Index Terms—Cybersecurity, Penetration Testing, Vulnerabil-
ity Assessments, Forensics
I. I NTRODUCTION
The governance and management of IT enterprise have
taken on a new meaning with the rapid growth of cybersecurity
and the multitude of best practices in the market. Cyberse-
curity is currently receiving an increased attention from the
management boards of many organizations due to the bad
publicity generated from the recent data breaches incidents.
Senior members of management and corporate boards have
lost their positions, and organizations had to spend valuable
resources in post-breach clean-up and to make their clients
and customers safe.
Infrastructure spending has increased as organizations at-
tempt to prevent the breaches from occurring especially to
distribute data with cloud computing. Also, the investments,
in several security technologies that support incident detection
and response mechanisms, are climbing to limit the damage
Sherif A. Mazen
Dept. of Information Systems
FCI, Cairo University
Giza, Egypt Giza, Egypt
Email: s.mazen@fci-cu.edu.eg
and liability if an incident occurs. The organizations go toward
using the powerful technology which is cloud computing.
For small organizations, one of the biggest problems can
be implementing effective cybersecurity controls, often due
to the lack of awareness, experience, or simply because they
are expensive. Also, sharing public cloud add challenge on
securing data and systems and keeping the organizations’ data
in independently servers. However, in larger organizations,
many of these controls will have technical IT staff who can
deal with most cybersecurity incidents and many of them have
their cloud, but still, suffer from the security issues.
Each organization needs to ensure the stability of its IT
operations and decrease escalating the incidents to above the
level of supporting on cloud frontend. The lack of using
cybersecurity in the cloud by IS auditors to check and maintain
the IT operations, motivated us to study the frameworks which
are relevant to cybersecurity control for IS auditors. Also, we
studied the cybersecurity tools that can be used to stop any
threats in different levels of management by IS auditors.
Our target is to study the information systems auditing
with cybersecurity considerations on cloud computing for
different enterprises. Using cybersecurity tools to check the
daily IT operations by IS auditors is helping us to form the fit
framework for enterprises. To build cybersecurity framework,
we must find the other cybersecurity frameworks that relevant
to IS auditing. No doubt the rise of cloud adoption has been
phenomenal in the past few years and there are no signs of its
slowing down, the question of security and risk have become
paramount.
The remainder of this paper is organized as follows: an
overview of cybersecurity and briefly discusses most of the
issues and types of Cyberattacks in section II. Section III
covers a discussion of related work. A comparative study of
the most available cybersecurity tools that support IS auditor
is discussed in section IV. Finally, we conclude the paper in
section V with an outlook for the future work.
II. C YBERSECURITY BACKGROUND
Cybersecurity is utilized to be moderately basic [1]. Most
of the cyber threats were infections, worms, and Trojan
horse [2]. These cyber threats haphazardly attacked com-
puters straightforwardly associated with the web, but still,
they postured small enterprise risk. Enterprise systems use
firewalls to protect against any threats from the outside and
use anti-virus security tools to protect against threats from the
inside. These enterprises appeared to be ensured and generally
secure. Occasionally, an occurrence would happen, and cyber
defenders would rally to eliminate it. Once the defenders
discovered the malicious code, detecting it and defeating it is
becoming clear. At that point, continuously, a change started
to take place and the Cyberattackers began getting inside the
enterprise systems. Once they were inside, they worked in a
stealthy manner.
Cyberattackers took control of tainted machines and con-
nected them to inaccessible command and control frame-
works [2]. They captured usernames and passwords and used
them to associate to frameworks for taking information or
cash. Cyberattackers exploited vulnerabilities inside the en-
terprise. They move along the side between computers on
the network and capture the credentials of increasingly people
inside the enterprise.
There are different kinds of attacks, such as Denial of
Service (DOS), Keylogging, Pass-the-Hash, Malware, Identity
Theft, Industrial Espionage, Pickpocket, Bank Heist, Ran-
somware, Hijacking, Sabotage, Sniper, Smoke-out, Social En-
gineering and Graffiti [3], [4]. Those threats need a strategy
for detecting and protecting. There are different types of coun-
teraction that IT companies can take [5], [6]. The following
few concepts are about testing, ensuring quality, and auditing
the system.
• Penetration Testing: It is basically an information as-
surance activity to decide if the information is suitably
secured. It is conducted by penetration testers, sometimes
called white hats or Ethical Hacking. These tests use
the same tools and techniques as the bad user’s black
hat hackers, but do it in a controlled way with the
clear permission of the target organization. Penetration
testing, essentially Pen Testing or Security Testing is
also known as ethical hacking [2], the technique is used
to discover vulnerabilities in network system before an
attacker exploits. This type of testing checks for the
information security at each stage in each area. However,
major penetration test areas have discussed by Yaqoob
[7].
• Computer Forensics: Forensics are called for any systems
security or IS auditors specialists managing network
security. They must be aware of the legal implications of
their forensic works and activities. These specialists must
consider their policy choices, technical responsibilities,
and activities in the setting of existing laws. For instance,
a security specialist must have authorization before s/he
monitors or conducts any form of forensic auditing,
examination, and/or collect data related to a computer
intrusion, detection.
The user awareness of information security has become vi-
tal. Aloul [8] shows the need for security awareness programs
in schools, universities, governments, and private organizations
in the Middle East. It presents the results of several security
awareness studies conducted between students and profession-
als in UAE in 2010. These studies include a comprehensive
wireless security survey in which thousands of access points
were detected in Dubai and Sharjah. Most of these access
points are either unprotected or use weak types of protection.
Another study focuses on evaluating the chances of general
users to fall victims to phishing attacks like credit cards,
emails, bending files. These attacks can be used to steal bank
and personal information. Moreover, a study of the users’
awareness of protection issues when using RFID technology
is displayed. Its aim is to specify how to raise awareness for
users in distinguishing sectors. Also, it mentions some threats
that affect the business process, but no talents can deal with
these threats based on the user’s background. Users need clear
plan and steps to overcome threats challenges.
III. R ELATED W ORK
This section focuses on the research covering four aims and
directions: cloud computing, cybersecurity and cyberattacks,
information security maturity, and cybersecurity frameworks.
It discusses the research done to assess the vulnerabilities
through different methodologies and techniques. First, in the
cloud computing direction, it observes and analyzes informa-
tion systems auditing development to the organizations. Sec-
ond, in the cybersecurity and cyberattacks direction, it studies
the level of user awareness of the security issues. Finally, it
considers several trials to build models and frameworks to
protect data and detect threats and their maturity level.
A. Cloud computing
Cloud computing is used as a solution for many organi-
zations to perform operations by using higher performance
servers and networks, while reducing the cost and process
time. In [9], the authors discuss the security issues for cloud
computing with big data applications, then divided to frontend
and back-end. The frontend is represented by users computer
and software that access the cloud, while the back-end is
represented by computers, servers and database systems that
create the cloud. They try to overcome the challenge of
detecting and preventing the threats by using big data analysis
in the early stages.
The National Institute of Standards and Technology (NIST)
[10] provided an overview of the typical characteristics, ser-
vice models, and deployment models of cloud computing,
Software as a Service (SaaS), Platform as a Service (PaaS),
and Infrastructure as a Service (IaaS). The deployment model
consists of three models (1) public, (2) private, and (3) hybrid.
In [11], the authors analyzed the effect of the combination
of cloud computing and Software-defined networking (SDN)
on Distributed Denial of Service (DDoS) attack, defense and
the SDN can be more effective and efficient on the cloud
computing environment.
 Moreover, in [12], the authors presented the data centre
challenge as the lack of security control, and the traditional
software security tools are not able to solve the security issues
of cloud computing. Also, they recommended the organiza-
tions to adopt the public cloud because the security risks.
In [13], the authors introduce the mostly security concern
like software security, infrastructure security, storage security,
and network security. The organizations need the third-party
to manage the policy and service level agreement. Also,
they highlighted the role of forensic tools and techniques
to investigate the Cybercrime, gather and examining digital
evidence by operating on forensic images, memory dumps,
logs and network captures.
There are other research that view the different challenges of
threats and solutions to security and privacy [14], [15]. Also,
they proposed a model for cloud computing security. In [15],
the authors highlighted continuous auditing concept to adopt
cloud services and obtain a highly reliable on the operations.
Also, they recommended to use Computer Assisted Auditing
Techniques (CAAT), vulnerability scanning and penetration
tools depending on the auditor’s context to support corporate’s
efficiency. Also, in [16], the authors examined the tools to
secure the cloud through monitoring capability cloud opera-
tional areas and classify these tools to two categories Cloud-
specific and non-Cloud-specific. Finally, in [17], the authors
discussed the intrusion detection techniques in a cloud envi-
ronment. These techniques use the knowledge base systems
or the machine learning algorithms to determine and detect
the attacks of behavioural profiles of the users or suspicious
activities.
B. Cyberattacks and Cybercrimes awareness
According to [18], the authors discuss the current cyberse-
curity beliefs and data security viewpoints. The researchers
present a pattern where all these areas are connected to
data assurance. They discuss data security engineering and
the connected components considering data treatment on the
internet.
Users need to be aware of few flow schema almost existing
Advanced Persistent Threats (APTs) and exploits. It does not
get in profundity to realize cybersecurity forms through some
practices. Moreover, there is a blend in the usage of the
terms: cybersecurity, cybercrime, and cyberspace. However,
each term is distinctive in its behaviour and reaction to the
threats for frameworks and systems. For example, cybersecu-
rity technique does not have the plan to prevent the threats
to the organization. Cybercrime is an attack on information
about individuals, corporations, or governments. Cyberspace
refers to a block of data floating around a computer system or
network.
In [19], the authors present methodologies and techniques
involved in Vulnerability Assessment and Penetration Testing
(VAPT), along with its benefits and precautions. They aim at
creating a high-level of cybersecurity awareness and impor-
tance at all levels of an organization, enabling them to adopt
required-up-to date security measures and remain protected
from various cyberattacks VAPT is a valued assurance assess-
ment tool that benefits both businesses and its operations. For
an organization to stay guaranteed of its security infrastructure,
it must lead VAPT occasionally. It guarantees the security level
of its part frameworks and assets. Also, it informs about any
new vulnerabilities and exploits possible. This may lead to
financial and data losses.
Vulnerability assessment was shown in some approaches to
scan threats, such as [20]. The authors proposed an automated
and proactive cyber-physical contingency analysis tool, CPIn-
dex. It specifies the seriousness of the current threats and the
current system status. This analysis can further specify how
to deal with these threats and decide their effects.
C. Information Security Maturity
In [21], the authors have proposed the CHaracterizing
Organizations Information Security for Small and medium
enterprise (CHOISS) model. They relate measurable organiza-
tional characteristics in four categories through 47 parameters
to help Small and Medium Enterprises (SMEs) distinguish
and prioritize which risks to mitigate. The rationale and
action associated per identified organizational characteristics
into four categories: General, Insourcing and Outsourcing, IT
Dependency, and IT Complexity.
CHOISS presents the distinction between a variety of dif-
ferent organizations. To reach a high IS maturity level, an
organization must implement a tailored set of focus areas and
capabilities. The researchers have considered only the infor-
mation security in the organization by Confidential, Integrated,
and Available (CIA), and escaped cybersecurity process for
assessing risks and vulnerabilities for each level of Capability
of Maturity Model (CMM). They considered just the data
security in the association by CIA and got away digital security
process for appraisal risks and vulnerabilities for each level of
CMM.
According to the C2M2 model presented in [22], it is used
by an organization to evaluate its cybersecurity capabilities
consistently, communicate its capability levels in meaningful
terms, and inform the prioritization of its cybersecurity in-
vestments. This model concentrates on dividing cybersecurity
for the organization to the SMEs in three class maturity
indicator levels [MILs] 0–3 (MIL0, MIL1, MIL3) and divided
by 10 domains. Each domain is documented by the activities.
The model uses the evaluation to identify gaps in capability,
prioritize those gaps and develop plans to address them, and
finally implement plans to address the gaps.
D. Cybersecurity Frameworks
There are several trials for providing frameworks that sup-
port cybersecurity, such as National Institute of Standards and
Technology (NIST) [23], National Information Assurance and
CyberSecurity Strategy (NIACSS) [24], and ISO 27001/27002
Version 2013 [25], [26].
In [27], Barrett provide guidance on how the Framework
for Improving Critical Infrastructure Cybersecurity (known as
Cybersecurity Framework) can be used in the U.S. federal gov-
ernment in conjunction with the current and planned suite of
National Institute of Standards and Technology NIST security
and privacy risk management publications. This framework
assists federal agencies in strengthening their cybersecurity
risk management. It helps them decide an appropriate imple-
mentation of the Cybersecurity Framework.
The relationship between the Cybersecurity Framework, the
National Institute of Standards and Technology (NIST) and
Risk Management Framework are discussed in eight use cases
[27]. However, these cases tend to consider risk management,
procedures and evaluate organizations cybersecurity. The result
of these cases includes benefits to achieve them, typical
participants and a summary of the number of incidents solving
as sequence steps.
In [24], the authors apply the National Information Assur-
ance and Cybersecurity Strategy (NIACSS) of Jordan. Jorda-
nian Government organizations and private division are for the
most part essential, not efficient. The weaknesses in the previ-
ous approaches, coupled with fast progressions in technology
place the National systems and the Basic National Framework
Critical National Infrastructure (CNI) at risk. The key goals
aim to: (1) strengthen national security, (2) reduce risks to
CNI, (3) reduce harm and recovery time, (4) improve the
economy and national success, and (5) increase cybersecurity
and awareness.
The International Organization for Standardization (ISO)
created the ISO 27000 series of standards. ISO 27001 is the
specification for an enterprise information security manage-
ment system (ISMS) [26], and ISO 27002 is the code of
practice for information security controls [25]. Enterprises can
be accredited for ISO 27001 by following a formal audit
process that requires independent accreditation by an outside
auditor. The 2013 version of this standard reduces the number
of controls, but it adds additional domains for cryptography,
operations security, and supplier relationships.
Another recent framework proposition in [28], the authors
have built a cybersecurity framework (SHIELD) that acts as
Security as a Service (SecaaS). They are targeting real-time
incident detection and mitigation in the big data environment.
SHIELD framework combines three concepts (1) Network
Functions Virtualization (NFV), (2) SecaaS, and (3) Big Data
Analytics and Trusted Computing (TC). Then, it provides a
cybersecurity solution based on user requirements and use
cases. They used use cases, user stories, and online surveys to
map and rank user requirements.
IV. AUTOMATED C YBERSECURITY AUDITING T OOLS
The fundamental challenge with a cybersecurity audit is to
get the relevant tools that cover the threats to the operations
[2]. These tools aid in solving the problems without escalating
them to the higher level of support. The IS auditor intends to
collect evidence that proves nothing malicious or unexpected
incidents occurred during the auditing time. In general, audits
work in a similar manner. It starts with collecting evidence
from the available records to indicate the proper operation of
the automated system or operational process.
There are other factors that affect every organization and
add difficulties in securing its data. Some of these factors are
the hardware used in the infrastructure, the supported oper-
ating systems, communication protocols, and the underlying
tools and techniques for handling threats. There are several
cybersecurity tools that support these domains; however, they
are out of our scope.
In general, cybersecurity tools are widespread in different
fields of computer countermeasures and address the attacks.
Some tools carry out in networks, applications, operating
systems, and web-based applications. We aim to determine
the main tools for IS auditor through four different phases and
how IS auditor can explore the source of threats and evaluate
the possible risks.
The importance of using cybersecurity tools by IS auditors
in four tasks can be explained in sequential steps to guarantee
and achieve the enterprise operations. In the first information
gathering task, the information must be collected to illustrate
enterprises tendency and assess the possibility of attacks [29].
There are a lot of tools in the process of gathering infor-
mation. Then, scanning task obtains the target ports weakness
that boosts the full image for IS auditor by specifying the gaps
that happen in daily operations [30]. After that, examinations
task helps IS auditor to form an awareness for expecting risks
and find out the steps to put the operations on the safe side
and acceptable mode [31]. Lastly, forensic investigations and
aggregation evidence task [32]. It captures the source and the
main details of the attack to make a summary report about the
enterprise’s current situation, in case of receiving external or
internal threats.
The chosen tools aid the IS auditor to evaluate the risks
and threats in the enterprises, from insider or outsider, by
checking the previous steps. The investigation leads to using
information security as an auditing tool to analyze and report
on an organization’s strengths, weaknesses, and needs.
In Table I, we compare some of the recent cybersecurity
tools that hackers can misuse to perform cyberattacks and
cause serious damages. These tools are adapted of EC Coun-
cil1 organization and community. They provide the users with
cybersecurity knowledge and tools to cover the security issues
in different domains of cybersecurity control and auditing.
They are divided into four main tasks (1) information gathering
(i.e. understand the target domain and collect valuable infor-
mation), (2) scanning (i.e. scan target IP addresses for possible
vulnerabilities), (3) exploitation (i.e. attack the possible vulner-
abilities to detect and prevent hack them from other sources),
and (4) forensics (i.e. collect the evidence and investigate the
available resources) [1].
Within each task, there are different tools, each has a
brief description of the supported functions, limitations and
supported Operating Systems (OS). Tools are ordered in the
table by their release date. It states the main technology tools
1 https://www.eccouncil.org/, accessed 18/Jul/2018
 TABLE I
C OMPARATIVE A NALYSIS OF AVAILABLE AUTOMATED AUDITING T OOLS .
Serial
Task

Tool Name Supported Functions Limitations OS

Macintoch
Windows

Linux
- Extracts valuable data
Information

1 Netcraft [33] - Targets websites; e.g. IP address, OS used, DNS server Relies solely on a blacklist X X
Gathering

- Anti fraud and Anti Phishing

- Queries DNS servers
NS Lookupa
2 - Obtains records about the various hosts Requires personnel training X
[1]
- Finds mail server for the target website
- Extracts information from DNS
3 Dig [34] Zone transfer restrictions X
- Transfers zone for the target domain
Advanced Port - Identifies which ports are open
Scanning

4 b Possible exploitation of open ports X

Scanner [2] - Determines available services on the target system
Netsparkerc - Identifies a wide area of vulnerabilities - Expensive and restricts the number of websites
5 X
[1] - Reduces the scan time - Difficult to configure
- Scans target networks
NMAP - Determines per each online host: - Only supports ethernet interfaces
6 X X X
[35], [36] o Offered services (web, mail servers, . . . ) - Cannot automatically scan the machine in Windows
o Running OS
Nessusd - Exploits the vulnerabilities in the system configuration
7 Requires learning a scripting language; e.g. NASL X X X
[2], [37] - Scan hosts for vulnerabilities
- Requires OS only Linux-based
Metasploite - Provides researching security vulnerabilities
Exploitation

8 - Limited capabilities for the free version X X

[3], [38] - Developing code to attack vulnerability
- Requires personnel training
- Defeats or cracks passwords
- Complex passwords are time-consuming
Ophcracke - Comes with a Graphical User Interface and runs on
9 - Requires physical access to the target machine X X X
[1] multiple platforms
- Needs large rainbow tables for cracking the strong password
- Dumps directly from the SAM files of Windows
- Gain access to systems as network sniffing
Wiresharkf - Requires IS auditor training
10 - Network monitoring X X
[1], [39] - Consuming time for capturing packet network traffics
- Infrastructure management tool
- A penetration testing tool, that focuses on the web browser - An offensive tool, not a defensive tool
11 BeEFg [2] X X
- It is an open source - Requires personnel training
Dradis - An open source framework - Limited capabilities for the free version
12 X X X
Proh [7] - Has a GUI interface - Requires personnel training
- Verifies file systems of acquired images
FTK Imager - Helps to extract data from images through recovery - No multi-tasking capabilities
13 X
[40] deleted images - Requires personnel training
- Logs all investigator actions when analyzing the image
Forensic

Event log - A robust application for interactively examining event logs

14 Limited capabilities for the free version X
explorer [2] - Easy access of stored workspaces
Log Parser Allows IS auditor to run structured query language (SQL) searches - Does not accept offline registry files as input
15 X
[41] across a variety of data sources - Requires personnel training
- Support for over 300 different file formats
Quick View - No support for other platforms
16 - Easy integration with document management systems X
Plusi [1] - Limited capabilities for the free version
- Review platforms, and litigation case management applications
- No support for other platforms
BlackBag
17 Leading forensic analysts as a comprehensive forensic software tool - Limited capabilities for the free version X
BlackLightj [1]
- Requires personnel training
-
Preview, assess, acquire, authenticate and analyze storage devices
Smart Linuxk - No support for other platforms
18 -
Identify and recover deleted files X
[2] - Requires personnel training
-
Search file systems
-
Obtain Forensically Sound Acquisitions
Encase - Very complex, non-intuitive
19 -
Provide Actionable Data, Report on it, and Move on to the Next Case X
forensicl [2] - Requires personnel training
-
Save Valuable Time with Advanced Productivity Features
- Command line tool
The Sleuth - Open Source Digital Forensics
20 - Limited capabilities for the free version X
Kitm [1] - Allows disk images analysis and recover files from them
- Requires personnel training
a https://network-tools.com/, accessed 15/Apr/2018. b https://www.advanced-port-scanner.com/, accessed 18/Apr/2018.
c https://www.netsparker.com/get-demo/, accessed 18/Apr/2018. d https://www.tenable.com/products/nessus/nessus-professional, accessed 15/Apr/2018.
e https://www.metasploit.com/, accessed 15/Apr/2018. f https://www.wireshark.org/download.html, accessed 15/Apr/2018.
g http://beefproject.com/, accessed 18/4/2018. h https://dradisframework.com/, accessed 18/Apr/2018.
i https://www.avantstar.com/, accessed 17/Apr/2018. j https://www.forensiccomputers.com/software/blackbag/blacklight.html, accessed 18/Apr/2018.
k http://asrdata.com/forensic-software/smartlinux/, accessed 18/Apr/2018. l https://www.guidancesoftware.com/encase-forensic, accessed 18/Jul/2018.
m https://www.sleuthkit.org/, accessed 18/Jul/2018.
that IS auditor can use to check the threats and write a report
about the error finding by automated tools. The main criterion
is to look for a reliable open source tool if any available,
or the tools supporting multiple operating systems. Table I
focuses on cloud frontend that allows using tools to detect,
gather information, analyzes daily operations and obtain the
evidence through four tool’s categories.
Table I illustrates a sample of the latest cybersecurity tools
that can aid the auditors in doing their work. Enterprise cy-
bersecurity teams are struggling to overcome the gap between
the needed security talents and the provided security talents
within the enterprise. Most of the cybersecurity tools require
user training, as they are difficult to use based on the tool’s
manual alone. Emerging new technologies means new threats
and added cost of protection. Lastly, IS auditor needs to collect
evidence and prepare the reports.
The daily operations and processes need to be protected
without delay to deliver services. Cybersecurity must be con-
sidered in the enterprises, so there are several attempts to find
relevant tools to bridge the security gaps. The cybersecurity
passes through many phases, we concentrate on the cyberse-
curity in daily operations to avoid escalating the process to
the support team. The main reason to fail in detecting and
preventing the threats is to get knowledge about the hacking
tools and techniques and stopping the attacks on time. The
second reason is tools availability, most of the tools are made
for commercial purposes that need a fee for using them.
The last reason is the usability and training, cybersecurity
tools are difficult to use without intensive training and strong
background to simplify the knowledge of the concepts and
terms.
Automated Cybersecurity Auditing Tools vs. Tasks
Forensic
Exploitation
Scanning
Information Gathering
0 2 4 6 8 10
Windows Linux Macintoch
Fig. 1. Distribution of available automated Cybersecurity Auditing Tools over
Tasks
Fig. 1 illustrates the number of the available tools supporting
each task of the IS auditor. It shows the lack of support for
the “information gathering” task by the auditing tools, while
the “forensic” task is gaining more attention. Fig. 2 illustrates
the compatibility of the available tools with various operating
systems. It shows the lack of support for the operating systems,
other than Microsoft Windows operating system. Moreover,
Supported Operating Systems
Macintoch
Linux
Windows
0 2 4 6 8 10 12 14 16
Information Gathering Scanning Exploitation Forensic
Fig. 2. Distribution of Tasks over the supported Operating Systems
the auditing tools for the “information gathering” task are not
supported in Macintosh operating system.
V. C ONCLUSION AND F UTURE W ORK
Cybersecurity is becoming one of the raising issues that
most organizations are aiming for. Cyberattacks have different
shapes and targets, which make it different for a security
personnel to manage without proper and extensive training.
The maturity of the systems, applied in these organizations,
plays a main factor in providing cybersecurity.
IS auditing is one of the critical tasks in an organization. It
is a difficult and extensive task that need technical support for
applying them. There are several tools that support the process
of auditing, however, most of these tools are commercial and
do not support all the tasks required by IS auditor. This can
lead to cost a huge amount of money on software tools alone.
Hence, there are many trials to propose a cybersecurity frame-
work to protect the enterprises. These frameworks, however,
lack the support for daily operations.
In this paper, we made a comparative study of cybersecurity
auditing tools and auditing frameworks. These automated tools
could help the IS auditors to fulfill the auditing process.
However, there are some obstacles to carry out them like usage
difficulties. Moreover, only a few tools that are free to use,
while the others need payment for the full service.
Each tool takes action for special purposes like information
12
gathering, penetration, or exploitation. So, there is no singular
tool that works as an integrated tool which has a dashboard to
control the incidents, threats, and attacks that could happen
on daily operations. Computer assets need to be protected
and checked by the IS auditors with an integrated tool. There
should be a complete framework that acts as an integrated tool.
This framework can help the IS auditor to control the risks at
the proper time and to stop the escalation of the cyberattacks.
The proposed future work is to build a framework for
integrated tools to make the process of auditing cybersecurity
easier and comprehensive for IS auditors. This framework
will be aligned with recent technologies and related issues
of cybersecurity.
 R EFERENCES
[1] P. Engebretson, The Basics of Hacking and Penetration Testing: Ethical
Hacking and Penetration Testing Made Easy. Elsevier, 2011.
[2] S. E. Donaldson, S. G. Siegel, C. K. Williams, and A. Aslam, Enterprise
Cybersecurity. Berkeley, CA: Apress, 2015.
[3] M. P, D. R, and D. M., “CYBER ATTACKS AND SECURITY IN
CURRENT SCENARIO,” International Journal of Current Trends in
Engineering & Research (IJCTER), vol. 2, no. 10, p. 124, 2016.
[4] R. W. Taylor, E. J. Fritsch, and J. Liederbach, Digital Crime and Digital
Terrorism, 3rd ed. Upper Saddle River, NJ, USA: Prentice Hall Press,
2014.
[5] P. S. Shinde and S. B. Ardhapurkar, “Cyber security analysis using
vulnerability assessment and penetration testing,” in 2016 World Confer-
ence on Futuristic Trends in Research and Innovation for Social Welfare
(Startup Conclave). IEEE, feb 2016, pp. 1–5.
[6] S. Shah and B. M. Mehtre, “An overview of vulnerability assessment
and penetration testing techniques,” Journal of Computer Virology and
Hacking Techniques, vol. 11, no. 1, pp. 27–49, nov 2015.
[7] I. Yaqoob, S. A. Hussain, S. Mamoon, N. Naseer, J. Akram, and
A. ur Rehman, “Penetration Testing and Vulnerability Assessment,”
Journal of Network Communications and Emerging Technologies
(JNCET) www. jncet. org, vol. 7, no. 8, 2017.
[8] F. A. Aloul, “The Need for Effective Information Security Awareness,”
Journal of Advances in Information Technology, vol. 3, no. 3, aug 2012.
[9] V. V. N. Inukollu, S. Arsi, S. Rao Ravuri, and S. Ravuri, “Security Issues
Associated with Big Data in Cloud Computing,” International Journal
of Network Security & Its Applications, vol. 6, no. 3, pp. 45–56, may
2014.
[10] J. T. Force, “Security and Privacy Controls for Federal Information
Systems and Organizations,” Transformation Initiative Joint Task Force,
Tech. Rep., apr 2013.
[11] B. Wang, Y. Zheng, W. Lou, and Y. T. Hou, “DDoS attack protection
in the era of cloud computing and Software-Defined Networking,”
Computer Networks, vol. 81, pp. 308–319, apr 2015.
[12] S. A. Aljawarneh and M. O. B. Yassein, “A Conceptual Security
Framework for Cloud Computing Issues,” International Journal of
Intelligent Information Technologies, vol. 12, no. 2, pp. 12–24, apr 2016.
[13] M. Ali, S. U. Khan, and A. V. Vasilakos, “Security in cloud computing:
Opportunities and challenges,” Information Sciences, vol. 305, pp. 357–
383, 2015.
[14] N. H. Hussein and A. Khalid, “A survey of cloud computing security
challenges and solutions,” International Journal of Computer Science
and Information Security, vol. 14, no. 1, pp. 52–56, 2016.
[15] S. Lins, S. Schneider, and A. Sunyaev, “Trust is Good, Control is Better:
Creating Secure Clouds by Continuous Auditing,” IEEE Transactions on
Cloud Computing, pp. 1–1, 2016.
[16] K. Fatema, V. C. Emeakaroha, P. D. Healy, J. P. Morrison, and T. Lynn,
“A survey of Cloud monitoring tools: Taxonomy, capabilities and
objectives,” pp. 2918–2933, oct 2014.
[17] P. Mishra, E. S. Pilli, V. Varadharajan, and U. Tupakula, “Intrusion
detection techniques in cloud environment: A survey,” pp. 18–47, jan
2017.
[18] R. de Oliveira Albuquerque, L. J. GarcÃa Villalba, A. L. Sandoval
Orozco, R. T. de Sousa Júnior, and T. H. Kim, “Leveraging infor-
mation security and computational trust for cybersecurity,” Journal of
Supercomputing, vol. 72, no. 10, pp. 3729–3763, oct 2016.
[19] S. Shah, “A Modern Approach to Cyber Security Analysis Using Vul-
nerability Assessment and Penetration Testing,” International Journal of
Electronics Communication and Computer Engineering, vol. 4, no. 6,
pp. 47–52, 2013.
[20] C. Vellaithurai, A. Srivastava, S. Zonouz, and R. Berthier, “CPIndex:
Cyber-physical vulnerability assessment for power-grid infrastructures,”
IEEE Transactions on Smart Grid, vol. 6, no. 2, pp. 566–575, mar 2015.
[21] F. Mijnhardt, T. Baars, and M. Spruit, “Organizational characteristics
influencing sme information security maturity,” Journal of Computer
Information Systems, vol. 56, no. 2, pp. 106–115, jan 2016.
[22] P. Curtis, N. Mehravari, and J. Stevens, “Cybersecurity Capability
Maturity Model for Information Technology Services (C2M2 for IT
Services), Version 1.0,” Defense Technical Information Center, 2015.
[23] C. Greer, D. A. Wollman, D. E. Prochaska, P. A. Boynton, J. A. Mazer,
C. T. Nguyen, G. J. FitzPatrick, T. L. Nelson, G. H. Koepke, A. R.
Hefner Jr, V. Y. Pillitteri, T. L. Brewer, N. T. Golmie, D. H. Su,
A. C. Eustis, D. G. Holmberg, and S. T. Bushby, “NIST Framework
View publication stats
and Roadmap for Smart Grid Interoperability Standards, Release 3.0,”
National Institute of Standards and Technology, Tech. Rep., oct 2014.
[24] I. Atoum, A. Otoom, and A. A. Ali, “A holistic cyber security implemen-
tation framework,” Information Management and Computer Security,
vol. 22, no. 3, pp. 251–264, jul 2014.
[25] ISO, “ISO/IEC 27002:2013 Information technology – Security
techniques – Code of practice for information security controls,” p. 80,
2013. [Online]. Available: https://www.iso.org/standard/54533.html
[26] ISO/IEC, “ISO/IEC 27001:2013 Information technology –
Security techniques – Information security management sys-
tems – Requirements,” p. 23, 2013. [Online]. Available:
https://www.iso.org/standard/54534.html
[27] M. Barrett, J. Marron, V. Yan Pillitteri, J. Boyens, G. Witte, and
L. Feldman, Draft NISTIR 8170, The Cybersecurity Framework: Im-
plementation Guidance for Federal Agencies. NIST cybersecurity
publications, 2017.
[28] G. Gardikis, K. Tzoulas, K. Tripolitis, A. Bartzas, S. Costicoglou,
A. Lioy, B. Gaston, C. Fernandez, C. Davila, A. Litke, N. Papadakis,
D. Papadopoulos, A. Pastor, J. Nunez, L. Jacquin, H. Attak, N. Davri,
G. Xylouris, M. Kafetzakis, D. Katsianis, I. Neokosmidis, M. Terranova,
C. Giustozzi, T. Batista, R. Preto, E. Trouva, Y. Angelopoulos, and
A. Kourtis, “SHIELD: A novel NFV-based cybersecurity framework,”
in 2017 IEEE Conference on Network Softwarization: Softwarization
Sustaining a Hyper-Connected World: en Route to 5G, NetSoft 2017.
IEEE, jul 2017.
[29] A. Sitnica and R. Carbone, “USING INFORMATION SECURITY
AS AN AUDITING TOOL GIAC GSNA Gold Certification,” SANS
Institute, Tech. Rep., 2016.
[30] B. Konigsberg, “Auditing Inside the Enterprise via Port Scanning &
Related Tools,” SANS Institute, Tech. Rep., 2002.
[31] D. A. Team, Security Auditing Tools. Cisco Press, 2010.
[32] W. Halboob, R. Mahmod, M. Abulaish, H. Abbas, and K. Saleem, “Data
Warehousing Based Computer Forensics Investigation Framework,” in
Proceedings - 12th International Conference on Information Technology:
New Generations, ITNG 2015. IEEE, apr 2015, pp. 163–168.
[33] A. Alzahrani, A. Alqazzaz, Y. Zhu, H. Fu, and N. Almashfi, “Web
Application Security Tools Analysis,” 2017 IEEE 3rd International
Conference on Big Data Security on Cloud (BigDataSecurity),
IEEE International Conference on High Performance and Smart
Computing, (HPSC) and IEEE International Conference on Intelligent
Data and Security (IDS), pp. 237–242, 2017. [Online]. Available:
http://ieeexplore.ieee.org/document/7980348/
[34] B. Al-Duwairi, A. Al-Hammouri, M. Aldwairi, and V. Paxson, “GFlux:
A google-based system for Fast Flux detection,” 2015 IEEE Conference
on Communications and NetworkSecurity, CNS 2015, no. September,
pp. 755–756, 2015.
[35] G. F. Lyon, Nmap network scanning: The official Nmap project guide
to network discovery and security scanning. Insecure, 2009. [Online].
Available: http://www.amazon.com/dp/0979958717?tag=secbks-20
[36] G. Lyon, “Nmap: the network mapper-free security scanner,” 2016.
[Online]. Available: www.Nmap.org
[37] J. Savaglia and P. Wang, “CYBERSECURITY VULNERABILITY
ANALYSIS VIA VIRTUALIZATION,” Issues in Information Systems
Issues in Information Systems, vol. 18, no. 4, pp. 91–98, 2017.
[38] M. A. Ghanem, “BackTrack System: Security against Hacking,” Inter-
national Journal of Scientific and Research Publications, p. 445, 2015.
[39] C. Sanders, “Practical Packet Analysis: using Wireshark to solve real-
world network problems,” Network Security, vol. 2011, no. 8, p. 4, aug
2011.
[40] C. Federici, “Cloud Data Imager : A uni fi ed answer to remote
acquisition of cloud storage areas,” Digital Investigation, vol. 11, no. 1,
pp. 30–42, 2014. [Online]. Available: http://dx.doi.org/10.1016/j.diin.
2014.02.002
[41] P. He, J. Zhu, S. He, J. Li, and M. R. Lyu, “An evaluation study
on log parsing and its use in log mining,” in Proceedings - 46th
Annual IEEE/IFIP International Conference on Dependable Systems and
Networks, DSN 2016. IEEE, jun 2016, pp. 654–661.