An anti-sheriff cybersecurity audit model : from compliance checklists to intelligence-supported cyber risk auditing

Publisher

MDPI

Abstract

The increasing adoption of data-driven techniques in cybersecurity has introduced new opportunities to enhance detection, response, and automation capabilities within the cybersecurity ecosystem; however, cybersecurity auditing remains constrained by traditional compliance-oriented approaches that rely heavily on binary, checklist-based evaluations. Such approaches often reinforce a policing or “sheriff-style” perception of auditing, emphasizing enforcement rather than enablement, risk insight, and organizational improvement. Of primary concern is that the “sheriff-style” cybersecurity audit approach often fails to portray the true state of an organization’s cybersecurity posture, providing a misleading sense of assurance based solely on formal compliance and the existence of controls. This study proposes an Anti-Sheriff Cybersecurity Audit Model which moves beyond cybersecurity control checklists by integrating intelligence-informed risk assessments with structured human judgment to support a more robust, adaptive, and risk-oriented auditing process. Grounded in design science research (DSR), the proposed approach combines conventional binary compliance verification with intelligence-derived risk indicators and governance-based maturity assessments to evaluate cybersecurity controls across technical, operational, and organizational dimensions. The approach aligns with established standards and frameworks, including ISO/IEC 27001 (International Organization for Standardization / International Electrotechnical Commission), the National Institute of Standards and Technology (NIST) frameworks, and the Center for Internet Security (CIS) benchmarks, while extending their application beyond static compliance validation. A fictional case study is used to demonstrate the model’s applicability and to illustrate how hybrid scoring can reveal residual risk not captured by conventional cybersecurity audits.
The findings indicate that combining intelligence-informed analytics with structured human judgment enhances audit depth, interpretability, and business relevance. The proposed approach therefore provides a foundation for evolving cybersecurity auditing from periodic compliance assessments toward a continuous, risk-informed, and governance-aligned assurance system.

Description

DATA AVAILABILITY STATEMENT: The data presented in this study are available upon request from the corresponding author.

Keywords

Cybersecurity risk-based auditing, Intelligence-supported audit, Human judgment in auditing, Control effectiveness, Security maturity models, Defense-in-depth, Continuous assurance, Audit analytics

Sustainable Development Goals

SDG-08: Decent work and economic growth
SDG-09: Industry, innovation and infrastructure

Citation

Rananga, N., & Venter, H. S. (2026). An Anti-Sheriff Cybersecurity Audit Model: From Compliance Checklists to Intelligence-Supported Cyber Risk Auditing. Applied Sciences, 16(5), 2315: 1-36. https://doi.org/10.3390/app16052315.