This chapter presents a model of cyber security audit that allows 1) describe and list vulnerabilities that can be identified in a comprehensive review of processes and technology.And 2) Determinate the level of cybersecurity of an entity.Thus, it becomes a strategic tool for the information, security, and risk areas, this model can also be useful for internal audit teams or as a control tool for external validation audits.This model uses common language to manage cybersecurity risks, as it handles a prioritized, flexible, repeatable, and neutral approach, based on the needs of the district entity.It allows the person who is using this model identify, catalog, and manage cybersecurity risks, establishing criteria and metrics for control, and creating an objective, professional, and independent opinion of the audited cybersecurity status.The proposed model goes around six main thematic points, which are related to each other like the forces of an atom.The nucleus of this atom is the information sitting in the entity, which is essential part of the business.The thematic points will be qualified based on 15 indicators for each one, for a total of ninety questions.These indicators will have a qualification of initial, mature, and advanced.Therefore, the found results will have a quantitative (numerical) and a qualitative (descriptive) segment.To complete the set of hundred, there are ten extras question that are connected to the thematic points.