A Systematic Literature Review of Cybersecurity Audit Frameworks and Access Control Mechanisms in Information Systems: Trends and Challenges
Authors
Master of Accounting, Faculty of Economics and Business Education, Universitas Pendidikan Indonesia (Indonesia)
Master of Accounting, Faculty of Economics and Business Education, Universitas Pendidikan Indonesia (Indonesia)
Master of Accounting, Faculty of Economics and Business Education, Universitas Pendidikan Indonesia (Indonesia)
Master of Accounting, Faculty of Economics and Business Education, Universitas Pendidikan Indonesia (Indonesia)
Article Information
DOI: 10.47772/IJRISS.2026.100500328
Subject Category: Management
Volume/Issue: 10/5 | Page No: 4929-4954
Publication Timeline
Submitted: 2026-05-04
Accepted: 2026-05-09
Published: 2026-05-30
Abstract
The rapid advancement of digital transformation has significantly increased cybersecurity risks faced by organizations, making cybersecurity governance and auditing essential components of organizational resilience. This study aims to analyze the development of cybersecurity audit frameworks and access control mechanisms in information systems through a Systematic Literature Review (SLR). The study follows the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines and reviews 30 Scopus-indexed journal articles and conference proceedings published between 2020 and 2025. The review focuses on comparing cybersecurity audit frameworks, identifying recent trends, examining implementation challenges, and analyzing the evolution of access control mechanisms. The findings indicate that widely used frameworks such as ISO/IEC 27001, NIST Cybersecurity Framework (NIST-CSF), COBIT, CIS Controls, SOX, and COSO possess different orientations, strengths, and limitations regarding governance, compliance, flexibility, and technical protection. The study also reveals a shift from traditional compliance-based auditing toward risk-based, continuous, and technology-driven auditing supported by Artificial Intelligence (AI), Machine Learning (ML), blockchain, and continuous monitoring systems. In terms of access control, the findings demonstrate an evolution from traditional models such as DAC, MAC, and RBAC toward more adaptive approaches including ABAC, blockchain-based access control, and Zero Trust Architecture (ZTA). However, the implementation of modern frameworks and technologies still faces challenges related to scalability, interoperability, implementation complexity, operational costs, and the shortage of skilled cybersecurity professionals. 
This study concludes that no single framework or access control mechanism is universally effective for all organizations, and therefore organizations should adopt adaptive and hybrid approaches based on their risk profiles, governance maturity, and operational requirements. The study contributes theoretically by integrating discussions on cybersecurity audit frameworks and access control mechanisms while providing practical insights for auditors, cybersecurity practitioners, regulators, and organizations in designing more resilient cybersecurity governance strategies.
Keywords
Cybersecurity audit, audit framework, access control, blockchain