The Cyber Security Governance by Internal Audit in the Turkish Banking Sector

The article aims to determine the position of internal audit activities in cyber security governance. First of all, the conceptual framework was mentioned, and the definitions related to the subject and the relationships between the terms were mentioned. Then, it was expressed with visuals how exploratory sequential mixed methods used as research methods were used. In this direction, the delphi method is used as a data collection tool through open-ended questions and surveys through semi-structured interviews to measure the awareness levels and consensus levels of the panelists. It was emphasized by the participants that cyber security governance is an effective factor in ensuring compliance with legal regulations, establishing ethical rules and planning corporate governance principles, and that this factor needs the supporting functions of internal audit as well as information technology controls. In particular, the study obtained a series of ideas on how to provide the necessary corporate culture for the close to perfect functioning of confidentiality, integrity and availability elements, which are the basic building blocks in ensuring a healthy cyber security governance. In this context, the authorization system has been particularly emphasized.