This review explores the problems Chief Information Security Officers (CISOs) and other cyber professionals face when defending their organization against cyberattacks. Using a Cyber Defense Grid, which was developed based on military science and cybersecurity concepts and terminology, we coded 125 articles published in Information Systems (IS) journals. We also employed three avenues (i.e., lenses) from cybernetic theory to frame the coding results to derive cyber defense strategies. In particular, we propose three strategic cyber defense modes: reactive, heuristic, and proactive. Taken together, these three modes suggest ways in which organizations can react strategically within the whole cyber defense domain.

中文翻译：

---

整个网络防御：实践与理论同步


本次审查探讨了首席信息安全官 (CISO) 和其他网络专业人员在保护其组织免受网络攻击时面临的问题。我们使用基于军事科学和网络安全概念和术语开发的网络防御网格，对信息系统 (IS) 期刊上发表的 125 篇文章进行了编码。我们还采用了控制论中的三种途径（即镜头）来构建编码结果，以得出网络防御策略。我们特别提出了三种战略网络防御模式：反应式、启发式和主动式。综上所述，这三种模式提出了组织在整个网络防御领域进行战略反应的方式。