This page is older archived content from an older version of the Emerald Publishing website.

As such, it may not display exactly as originally intended.

Cybersecurity Risks, Controls and Assurance

Special issue call for papers from Managerial Auditing Journal

Guest Editor:

Dr Graham Gal, Isenberg School of Management, University of Massachusetts
[email protected]

Dr Gal has published articles on responsibility for information security, an instrument for assessing organizational factors for security incidents, and working on implications of smart contracts for cyber security.

What's the special issue about?

This special issue will focus on the methods and the implementations of various techniques to offer assurance that a firm’s or government’s IT infrastructure is free of existing cybersecurity breaches and its capability to resist cyber-attacks. The issue will look at the specific actions firms and governments have taken to improve their ability to detect and to resist cybersecurity attacks.  We look to include research on the role that traditional assurance providers can provide stakeholders on the quality of these actions.  The increased sophistication of attacks on their IT infrastructure requires firms and governments to continually upgrade their methods and for assurance providers to determine the sufficiency of these efforts.

This issue seeks to publish papers that address the following questions:
1.    What level of cybersecurity assurance should be provided?
2.    Can a realistic level of cybersecurity assurance be provided?
3.    How should this assurance be communicated to stakeholders?
4.    Should cybersecurity deficiencies be communicated?
5.    Do stakeholders trust assurance providers?
6.    Do these assurance reports provide value relevant information?
7.    Should software vendors provide some assurance for their products?

While these represent some major questions that need to be answered, other quality work on cybersecurity assurance will certainly be considered.

Key topics to consider:

  • Tools that can be used to provide cybersecurity assurance
  • The level of training a cybersecurity assurance provider should possess
  • Management of the cybersecurity assurance process
  • Reaction to cybersecurity assurance reports
  • Liability for cybersecurity breaches

Submissions and deadlines


  • To submit a paper, please use ScholarOne Manuscripts, the online submission and peer review system
  • Full information and guidance on using ScholarOne Manuscripts is available on Emerald ScholarOne Manuscripts Support Centre
  • Please ensure you have read the author guidelines before submitting
  • Submission deadline: November 1, 2017
  • If you are interested in reviewing papers for this issue, please register as a reviewer in ScholarOne