Posts

IT Risk Management: The Secret Weapon of Corporate Governance

In today’s digital age, corporate governance is no longer just about board meetings, financial reports, and compliance checklists. It’s about understanding, managing, and controlling technology risks that can make or break an organization. And that’s where IT Risk Management (ITRM) becomes the secret weapon for companies seeking stability, resilience, and long-term growth. Think of it this way: every business process from payroll to customer management is powered by IT systems. When these systems fail, whether due to cyberattacks, human error, or technological glitches, the consequences can ripple across the entire organization. IT Risk Management ensures that these threats are identified, mitigated, and aligned with corporate goals.

Why IT Risk Management is Essential for Corporate Governance

Corporate governance ensures that organizations are run ethically, efficiently, and sustainably. Traditionally, this meant financial oversight, legal compliance, and strategic pla...

Beyond Firewalls and SOCs: Why SIEM and Incident Response Are the Backbone of Modern IT Audits?

In the early days of cybersecurity, organizations relied on firewalls, antivirus software, and Security Operation Centers (SOCs) to protect their networks. These tools acted as static shields, effectively blocking many attackers. Today, however, the digital landscape has changed. Threats are no longer isolated—they are fast, sophisticated, and often automated. Cybercriminals exploit vulnerabilities across cloud systems, IoT devices, and AI-driven applications, rendering traditional defenses insufficient. This is where SIEM (Security Information and Event Management) systems and incident response frameworks step in. Together, they form the dynamic backbone of modern IT audits, ensuring organizations not only detect threats but also respond to them effectively.

From Reactive to Proactive Secu...

Keeping Your SaaS Clients Safe: DR and BCP as Your Secret Superpowers

Imagine you run a SaaS company that helps other businesses understand their employees and customers through feedback, surveys, and analytics. Your platform is critical: companies rely on it to make decisions about engagement, satisfaction, and growth. Now, imagine one morning your cloud servers crash, your database goes offline, and your clients—who depend on real-time dashboards—cannot access their insights. Panic spreads. Emails and phone calls flood your support hotlines. Stakeholders demand answers. In that moment, trust hangs by a thread. This is where Disaster Recovery (DR) and Business Continuity Planning (BCP) step in, not as optional IT projects, but as strategic superpowers that protect your SaaS platform, your clients, and your company’s reputation.

Disaster Recovery vs. Business Continuity in SaaS: Two Sides of the Same Coin

At first glance, DR and BCP may seem similar—but in SaaS, they play distinct roles: Disaster Recovery (DR): Focuses on restoring IT systems, ...

Beyond Checklists: Continuous IT Auditing for the Hyper-Connected World

The Double-Edged Sword of Digital Innovation

In today's world, organizations are working hard to transform their operations by using emerging technologies such as cloud computing (SaaS, PaaS, IaaS, NaaS), big data analytics (Apache Hadoop, Power BI), artificial intelligence, and the Internet of Things (IoT). These technologies enable faster decision-making, operational efficiency, and global scalability. However, as digital innovation accelerates, it also introduces new and complex risks that challenge traditional approaches to information security and IT audit. In this era, the key concern for auditors is no longer whether the right systems and controls exist, but whether the existing controls are effective, risks are managed, and governance keeps pace with innovation. Here, my goal is to examine how these technologies have reshaped information security risks and why IT audit and control functions must evolve to stay relev...

IT Audit and Control in Sri Lanka: Laws, Risks, and the Role of Auditors

Why IT Audit Matters Today?

In today’s digital world, information technology plays a crucial role in how organizations operate, communicate, and deliver services. Activities such as online banking, e-commerce, cloud computing, and social media depend heavily on IT systems that process large volumes of data every day. While these technologies improve efficiency and support economic growth, they also introduce serious risks such as cyberattacks, data breaches, online fraud, and misuse of personal information. To manage these risks, organizations must implement effective IT audit and control mechanisms. IT audit and control focus on ensuring that information systems are secure, reliable, compliant with laws, and aligned with business objectives. In Sri Lanka, the importance of IT audit has grown significantly in recent years due to the introduction of new digital laws and regulations. These laws aim to protect personal data, improve cybersecurity, and regulate online activities within ...