Cybersecurity Continues Rapid Evolution
New report from The IIA, Crowe Horwath examines security intelligence centers
CHICAGO (22 February 2017) – Cybersecurity remains a top business priority as cyber incidents and data breaches carry the threat of significant operational and reputational damage for all organizations. A new report from the Internal Audit Foundation (IAF) and Crowe offers a look at the next step in the evolution of cybersecurity strategy by examining the growing use of security operation centers and security intelligence centers.
“Next Steps: Beyond Response to Anticipation” is based in part on a survey of chief audit executives conducted by The Institute of Internal Auditors’ (IIA) Audit Executive Center and Crowe. The survey found that more than a third of respondents are turning to security operation centers, formal and informal, as part of their cybersecurity strategies.
“It is logical and encouraging that models to address the pervasive and potentially devastating threat of cyberattacks are evolving,” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “The creation of formal security operation centers allows for holistic, proactive approaches to cybersecurity in which all parts of the organization, including the internal audit function, can support the battle against data breaches.”
To conduct the survey, Crowe personnel interviewed information security executives from organizations across the globe. The interviews confirmed a growing number of organizations recognize that “100 percent protection 100 percent of the time” is not achievable. It is then that an organization’s cybersecurity strategies can “shift from a defensive posture to a more offensive and proactive one that focuses on learning about how certain threats operate, how their effects can be limited or mitigated, and how the incident response time (from identification to remediation) can be accelerated,” according to the report.
The report identifies the common terminology, frameworks, metrics and tools used in the security operation centers and examines how these can evolve further into security intelligence centers.
“There is room for internal audit to get more engaged in the evaluation of security operations,” said Raj Chaudhary, CGEIT, CRISC, Crowe Risk Consulting principal. “Over time, advanced analytics capabilities will allow companies to become more proactive in preventing events that could negatively impact business operations.”
The report is available through the Internal Audit Foundation. Its principal authors, Chaudhary and Dave McKnight, CISSP, of Crowe, will participate in a session on cybersecurity intelligence at The IIA’s upcoming General Audit Management (GAM) Conference, March 20-22, in Orlando, Florida.
The authors will host a webinar, “Cyberattacks: Go Beyond Response to Anticipation,” from noon to 1 p.m. on April 4.
About the Internal Audit Foundation
The Internal Audit Foundation (Foundation) is the donor-supported arm of The Institute of Internal Auditors (IIA). The nonprofit Foundation conducts groundbreaking research and scholarly publishing, offers essential career development and thought leadership products through The IIA Bookstore, and works with colleges and universities through the Internal Auditing Education Partnership (IAEP) program to enlighten the next generation of internal auditors. For more information, www.theiia.org/foundation.
About Crowe Horwath
Crowe Horwath Global Risk Consulting (Holdings) Limited and its subsidiaries (“Crowe Horwath”) use their deep industry expertise to provide governance, risk and compliance services. Crowe Horwath serves clients worldwide as an independent member of Crowe Horwath International, one of the largest global accounting networks in the world. The Crowe Horwath International network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world.