Raj Chaudhary, Dave McKnight
Internal Audit Foundation and Crowe Horwath
Sinopse: As cyberattacks grow in frequency, severity, and complexity, cybersecurity professionals are urging organizations to move beyond a defensive and reactive approach to a more proactive approach, allowing for the prediction and anticipation of cybersecurity threats. Recognizing this emerging trend, the Institute of Internal Auditors’ Audit Executive Center (AEC), in collaboration with the Internal Audit Foundation, elected to supplement recent research by conducting a Quick Poll survey of chief audit executives (CAEs) to ask specific questions about their organizations’ use of security operations centers (SOCs) as part of their cybersecurity strategies.
Responses were received from 130 CAEs, representing organizations of various size from many industries. In addition to providing insights into specific SOC policies and practices, the AEC Quick Poll survey results also suggest that some conclusions can be drawn about CAEs’ general levels of involvement in monitoring and reviewing their SOC operations. In order to assure complete anonymity, the survey respondents were not asked to provide identifying or qualifying information about their organizations.
Using the survey findings as a starting point, researchers from Crowe Horwath conducted a series of follow-up interviews with information security executives in various organizational structures and geographic locations, and with various sensitivities to cybersecurity threats. The objective was to gather first-hand examples of current best practices.