Enhancing Audits – A Script-Based Approach to Katakri’s Information Assurance Audits
Lampinen, Roosa (2024)
2024
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Tiivistelmä
In the current fast evolving cybersecurity landscape, organizations are exposed to increasingly sophisticated
threats, from AI-powered attacks to ransomware targeting critical infrastructure. The financial and opera-
tional impact of these threats on individuals and businesses around the world is growing in scale and com-
plexity. In the face of these challenges, the cybersecurity industry has taken the initiative to develop proac-
tive processes to assess and improve resilience. These processes include auditing procedures.
Cybersecurity audits are systematic evaluations of an organization’s information systems, security policies
and infrastructure to ensure that they meet established security standards and best practices. These audits
play a crucial role in identifying vulnerabilities, assessing risks and ensuring compliance with regulatory
standards. In order to improve these audits, an audit script for Katakri 2020 Information Assurance assess-
ments was reviewed and updated. The aim was to improve the efficiency and effectiveness of audit pro-
cess, while ensuring comprehensive coverage of the Katakri 2020 I-section requirements.
A case study approach using qualitative research methods was applied to evaluate the script’s functionality,
efficiency and alignment with Katakri’s requirements. The script was developed through an iterative pro-
cess, incorporating user feedback and extensive testing in various Linux environments.
The results revealed significant improvements in the script’s functionality, including user friendly output
and improved compatibility across several Linux distributions. The script demonstrated varying degrees of
compliance with different Katakri requirements, excelling in technical areas while showing limitations in
complex processes and non-technical aspects requiring human interaction.
It was concluded that while the script significantly improves the efficiency of data collection for many tech-
nical aspects, human expertise remained crucial in interpreting audit results and making final judgements
on compliance. The findings contributed to the ongoing development of cybersecurity audits practices,
highlighting the need for continuous improvement in tools and methodologies to address the ever-chang-
ing threat landscape. The research also highlighted the importance of striking a balance between auto-
mated tools and professional judgement when conducting a comprehensive cybersecurity assessment.
threats, from AI-powered attacks to ransomware targeting critical infrastructure. The financial and opera-
tional impact of these threats on individuals and businesses around the world is growing in scale and com-
plexity. In the face of these challenges, the cybersecurity industry has taken the initiative to develop proac-
tive processes to assess and improve resilience. These processes include auditing procedures.
Cybersecurity audits are systematic evaluations of an organization’s information systems, security policies
and infrastructure to ensure that they meet established security standards and best practices. These audits
play a crucial role in identifying vulnerabilities, assessing risks and ensuring compliance with regulatory
standards. In order to improve these audits, an audit script for Katakri 2020 Information Assurance assess-
ments was reviewed and updated. The aim was to improve the efficiency and effectiveness of audit pro-
cess, while ensuring comprehensive coverage of the Katakri 2020 I-section requirements.
A case study approach using qualitative research methods was applied to evaluate the script’s functionality,
efficiency and alignment with Katakri’s requirements. The script was developed through an iterative pro-
cess, incorporating user feedback and extensive testing in various Linux environments.
The results revealed significant improvements in the script’s functionality, including user friendly output
and improved compatibility across several Linux distributions. The script demonstrated varying degrees of
compliance with different Katakri requirements, excelling in technical areas while showing limitations in
complex processes and non-technical aspects requiring human interaction.
It was concluded that while the script significantly improves the efficiency of data collection for many tech-
nical aspects, human expertise remained crucial in interpreting audit results and making final judgements
on compliance. The findings contributed to the ongoing development of cybersecurity audits practices,
highlighting the need for continuous improvement in tools and methodologies to address the ever-chang-
ing threat landscape. The research also highlighted the importance of striking a balance between auto-
mated tools and professional judgement when conducting a comprehensive cybersecurity assessment.