
Cybersecurity Controls
Design, Implement and Audit to Protect Your Organization
About the book
Build and audit cybersecurity controls to better protect your organization from damaging cyber attacks.
Cybersecurity Controls is a strategic guide for mid-career IT, cybersecurity and audit professionals who must protect critical systems, reduce enterprise risk and deliver resilience in the face of escalating cyber threats. Written by Toby DeRoche, it shows how to establish the rules, procedures and policies that will protect an organization. It covers both how to build cybersecurity controls and how to validate them.
You'll learn how to:
- Build cybersecurity controls
- Translate risk assessments and business impact analysis into actionable safeguards
- Integrate administrative, physical and technical controls for enterprise-wide protection
- Develop a robust control testing strategy that improves assurance
- Strengthen collaboration between IT, cybersecurity and audit to validate resilience
With guidance on strategy, audit preparation and emerging industry trends, along with extensive real-world examples, this book equips leaders to make informed decisions, improve control maturity and deliver durable security outcomes.
Themes include: cybersecurity governance, IT controls, risk assessment, resilience strategy
Table of contents
- Section ONE: Breaking the compliance myths – cybersecurity controls mean survival, not compliance
  - Chapter 01: Understanding controls without drowning in jargon
  - Chapter 02: Building an action-oriented cybersecurity strategy
  - Chapter 03: Preparing for successful internal and external audits
- Section TWO: Designing cybersecurity risk assessments – understanding principles of risk management
  - Chapter 04: Translating business impact analysis into real decisions
  - Chapter 05: Conducting risk assessment to prioritize action plans
  - Chapter 06: Managing third-party risk and vulnerabilities
- Section THREE: Strengthening administrative controls – building a cyber aware culture
  - Chapter 07: Writing effective policies and procedures to guide the organization
  - Chapter 08: Conducting training to raise awareness one lesson at a time
  - Chapter 09: Monitoring third-party relationships to protect both sides
- Section FOUR: Locking down physical controls – offices, data centers and beyond
  - Chapter 10: Securing spaces for internal vs external facilities
  - Chapter 11: Safeguarding and monitoring physical assess
  - Chapter 12: Protecting systems from environmental and power threats
- Section FIVE: Powering up your technical controls – guarding the digital world
  - Chapter 13: Managing internal vs external network threats
  - Chapter 14: Controlling who gets your data with access management
  - Chapter 15: Embedding security in change management and software development life cycle
- Section SIX: Proving what works: Testing controls effectiveness
  - Chapter 16: Building a smart control testing strategy
  - Chapter 17: Partnering effectively with third-party auditors
  - Chapter 18: Measuring and managing overall cyber governance
- Section SEVEN: Building the cyber alliance – one team, one mission
  - Chapter 19: Aligning business and security objectives
  - Chapter 20: Defining internal audit’s role in cyber defense
  - Chapter 21: Bridging execution and testing with the CISO and CAE
  - Chapter 22: Communicating cybersecurity risk to the board
  - Chapter 23: Sustaining cybersecurity success for the long term
Kogan Page GPSR
EU Representative (GPSR)
eucomply oÜ
Pärnu mnt. 139b – 14, 11317 Tallinn, Estonia
www.eucompliancepartner.com

