{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:27Z","timestamp":1783965867955,"version":"3.55.0"},"reference-count":22,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105037","type":"journal-article","created":{"date-parts":[[2026,6,22]],"date-time":"2026-06-22T23:35:36Z","timestamp":1782171336000},"page":"105037","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["AI-enabled internal audit model for cybersecurity governance in Saudi banks: Design and experimental validation"],"prefix":"10.1016","volume":"170","author":[{"given":"Muez","family":"Osman","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105037_bib0001","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","article-title":"A survey of network anomaly detection techniques","volume":"60","author":"Ahmed","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"issue":"2","key":"10.1016\/j.cose.2026.105037_bib0002","doi-asserted-by":"crossref","first-page":"439","DOI":"10.2308\/acch-51067","article-title":"Drivers of the use and facilitators and obstacles of the evolution of big data by the audit profession","volume":"29","author":"Alles","year":"2015","journal-title":"Account. Horiz."},{"issue":"4","key":"10.1016\/j.cose.2026.105037_bib0003","first-page":"1","article-title":"Big data and analytics in the modern audit engagement: research needs","volume":"36","author":"Appelbaum","year":"2017","journal-title":"Audit.: J. Pract. Theory"},{"issue":"2","key":"10.1016\/j.cose.2026.105037_bib0006","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A survey of data mining and machine learning methods for cybersecurity intrusion detection","volume":"18","author":"Buczak","year":"2016","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"3","key":"10.1016\/j.cose.2026.105037_bib0007","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly detection: a survey","volume":"41","author":"Chandola","year":"2009","journal-title":"ACM Comput. Surv."},{"issue":"3","key":"10.1016\/j.cose.2026.105037_bib0008","first-page":"50","article-title":"European Union regulations on algorithmic decision-making and a right to explanation","volume":"38","author":"Goodman","year":"2017","journal-title":"AI Mag."},{"issue":"1","key":"10.1016\/j.cose.2026.105037_bib0009","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","article-title":"Design science in information systems research","volume":"28","author":"Hevner","year":"2004","journal-title":"MIS Q."},{"key":"10.1016\/j.cose.2026.105037_bib0010","series-title":"Global Internal Audit Standards","year":"2024"},{"key":"10.1016\/j.cose.2026.105037_bib0011","series-title":"COBIT 2019 Framework: Governance and Management Objectives","year":"2019"},{"key":"10.1016\/j.cose.2026.105037_bib0013","series-title":"AI Governance Implementation Guide","year":"2023"},{"issue":"1","key":"10.1016\/j.cose.2026.105037_bib0014","first-page":"1","article-title":"The emergence of artificial intelligence in auditing","volume":"18","author":"Kokina","year":"2021","journal-title":"J. Emerg. Technol. Account."},{"key":"10.1016\/j.cose.2026.105037_bib0016","series-title":"Essential Cybersecurity Controls (ECC) v2.0","year":"2021"},{"key":"10.1016\/j.cose.2026.105037_bib0017","series-title":"Data Governance Framework","year":"2023"},{"key":"10.1016\/j.cose.2026.105037_bib0018","unstructured":"National Institute of Standards and Technology. (2018). Framework for improving critical infrastructure cybersecurity, version 1.1. gaithersburg, MD."},{"issue":"3","key":"10.1016\/j.cose.2026.105037_bib0025","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","article-title":"A design science research methodology for information systems research","volume":"24","author":"Peffers","year":"2007","journal-title":"J. Manag. Inf. Syst."},{"issue":"3","key":"10.1016\/j.cose.2026.105037_bib0021","first-page":"1","article-title":"AI-driven cybersecurity: an overview, security intelligence modeling and research directions","volume":"1","author":"Sarker","year":"2020","journal-title":"SN Comput. Sci."},{"key":"10.1016\/j.cose.2026.105037_bib0019","series-title":"Cybersecurity Framework for Financial Institutions","year":"2022"},{"key":"10.1016\/j.cose.2026.105037_bib0020","series-title":"Responsible AI Guidelines","year":"2022"},{"key":"10.1016\/j.cose.2026.105037_bib26","series-title":"Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP)","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","author":"Sharafaldin","year":"2018"},{"key":"10.1016\/j.cose.2026.105037_bib0022","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1109\/SP.2010.25","article-title":"Outside the closed world: on using machine learning for network intrusion detection","author":"Sommer","year":"2010","journal-title":"2010 IEEE Symp. Secur. Priv."},{"issue":"2","key":"10.1016\/j.cose.2026.105037_bib0023","doi-asserted-by":"crossref","first-page":"381","DOI":"10.2308\/acch-51071","article-title":"Big Data in accounting: an overview","volume":"29","author":"Vasarhelyi","year":"2015","journal-title":"Account. Horiz."},{"key":"10.1016\/j.cose.2026.105037_bib0024","article-title":"Artificial intelligence and the future of internal auditing","volume":"46","author":"Vasarhelyi","year":"2022","journal-title":"Int. J. Account. Inf. Syst."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002130?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002130?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:14:54Z","timestamp":1783962894000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826002130"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":22,"alternative-id":["S0167404826002130"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105037","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"AI-enabled internal audit model for cybersecurity governance in Saudi banks: Design and experimental validation","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105037","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105037"}}