The Security Intelligence Center
Next Steps: Beyond Response to Anticipation
As cyberattacks grow in frequency, severity, and complexity, cybersecurity professionals are urging organizations to move beyond a defensive and reactive approach to a more proactive approach, allowing for the prediction and anticipation of cybersecurity threats. Recognizing this emerging trend, the Institute of Internal Auditors’ Audit Executive Center (AEC), in collaboration with the Internal Audit Foundation, elected to supplement recent research by conducting a Quick Poll survey of chief audit executives (CAEs) to ask specific questions about their organizations’ use of security operations centers (SOCs) as part of their cybersecurity strategies.
In addition to offering a summary of that research, this report is intended to help cybersecurity professionals, CAEs, and other stakeholders to explore broader issues and to answer two questions:
1) How can organizations move beyond merely reacting and responding to cybersecurity incidents and instead start to identify, anticipate, and actively defend against known and emerging threats?
2) What role can CAEs play in encouraging and facilitating this shift from a reactive to a proactive stance?
By addressing—and ultimately answering—these questions, organizations can take the critical first steps to advancing their cybersecurity initiatives regardless of whether they are first establishing a SOC, or advancing further and establishing a fully functioning security intelligence center (SIC).
Download Next Steps: Beyond Response to Anticipation, by The Security Intelligence Center