Abstract

In an increasingly digitized and interconnected global environment, cybersecurity auditing has become a critical pillar in safeguarding organizational assets and ensuring regulatory compliance. This review critically analyzes emerging methodologies for cybersecurity auditing, focusing on their alignment with key regulatory frameworks such as the Sarbanes-Oxley Act (SOX), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the General Data Protection Regulation (GDPR). The study identifies a significant shift from traditional, reactive auditing approaches toward proactive, real-time, and risk-based methodologies supported by artificial intelligence, machine learning, and automation. These innovations enhance audit efficiency, enable continuous control monitoring, and support the identification of advanced persistent threats (APTs). The review evaluates leading cybersecurity audit frameworks, including Control Objectives for Information and Related Technologies (COBIT), ISO/IEC 27001, and NIST SP 800-53, and explores how they are being adapted to assess cloud environments, third-party risks, and remote work infrastructures. It further examines how emerging frameworks incorporate regulatory expectations, emphasizing transparency, accountability, and data minimization in line with GDPR, financial reporting integrity under SOX, and the five core functions of the NIST Framework—Identify, Protect, Detect, Respond, and Recover. The analysis reveals that while current methodologies offer improved standardization and scalability, they also present challenges, including audit fatigue, fragmented toolsets, and insufficient integration across enterprise risk management systems. Moreover, the paper underscores the growing need for auditor upskilling, the ethical handling of personal data, and continuous assurance mechanisms that go beyond periodic assessments. It proposes a holistic model that integrates technical assessments with governance, risk, and compliance (GRC) strategies to enhance cybersecurity audit effectiveness. Ultimately, this review highlights the urgency for organizations to adopt agile and adaptive auditing approaches that align with evolving digital threats and compliance mandates. It offers critical insights for regulators, auditors, and organizational leaders striving to build cyber-resilient ecosystems in an era marked by data proliferation, increasing regulatory scrutiny, and sophisticated cyberattacks.