Prevent, Detect and Respond: Phases of Information Security Process
Information security, or infosec, is the practice of protecting information by mitigating information risks. It is worth separating it from cybersecurity. Cybersecurity is concerned with protecting systems and data against attacks that arrive through cyberspace (networks, hosts, applications). Information security is broader: it protects information against any form of threat, whether that information is digital or analog (paper records, spoken conversations, a printout left on a desk).
Information security is a part of information risk management. Confidentiality, integrity, and availability (the CIA triad) are its fundamental principles. At an organizational level, you need a plan that mitigates threats to the confidentiality, integrity, and availability of your data. To build a sound plan, you need to be familiar with the three distinct phases of information security planning: prevention, detection, and response.
The first phase, prevention, is the priority of any information security plan: stop breaches of confidentiality, integrity, and availability before they happen. Most security investment goes into preventive controls. To spend it well, an organization has to understand the threats it faces, the risks to its information, and the ways each threat can be kept from materializing. Network intrusion prevention systems (NIPS), firewalls, passwords (ideally backed by multi-factor authentication), and MAC address filtering are examples of preventive techniques. Not all are equally strong: MAC address filtering, for instance, only raises the bar slightly, because a MAC address is trivially spoofed by anyone who can observe traffic on the segment, so it should never be the sole control.
Since it is simply not possible to stop every attack, the second phase, detection, aims to spot an attack in progress as early as possible. There have been many incidents in which an attacker infiltrated a network and remained there undetected for months. Prolonged exposure gives attackers ample time to sit tight, study the environment, and extract sensitive information. Timely detection of an attack in progress can greatly limit the impact of a successful intrusion. With the advent of cryptomining malware, attackers have an additional incentive to stay in a network quietly for as long as possible in order to consume its computational power and bandwidth. Log analysis, network intrusion detection systems (NIDS), closed-circuit TV (CCTV), motion-detection cameras, and security audits are examples of detection techniques.
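As an added illustration of the log-analysis technique mentioned above (this is example code written for this page, not code from the original post or from any product), the following Python script implements one of the simplest useful detection rules: it parses sshd-style authentication log lines and raises an alert when a single source address produces a threshold number of failed logins inside a sliding time window. The log lines, the threshold of five failures, and the sixty-second window are constructed assumptions for the demonstration. The second source in the sample fails only once every fifteen minutes; it is invisible to the default window and only surfaces when the window is widened, which is exactly the "low and slow" behaviour the paragraph warns about.

```python
"""Added example (not from the original post): a minimal log-analysis
detection rule. It scans constructed sshd-style auth log lines and flags any
source address that produces `threshold` or more failed logins within a
sliding window of `window_seconds`. Log format, year, threshold and window
are assumptions chosen for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in syslog/sshd style (not real data).
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
Mar 10 08:00:03 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 50214 ssh2
Mar 10 08:00:04 bastion sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 50216 ssh2
Mar 10 08:00:06 bastion sshd[2207]: Failed password for root from 203.0.113.7 port 50218 ssh2
Mar 10 08:00:07 bastion sshd[2209]: Failed password for invalid user oracle from 203.0.113.7 port 50220 ssh2
Mar 10 08:01:10 bastion sshd[2211]: Accepted publickey for alice from 198.51.100.20 port 41000 ssh2
Mar 10 08:05:00 bastion sshd[2213]: Failed password for bob from 198.51.100.21 port 41002 ssh2
Mar 10 08:20:00 bastion sshd[2215]: Failed password for bob from 198.51.100.21 port 41004 ssh2
Mar 10 08:35:00 bastion sshd[2217]: Failed password for bob from 198.51.100.21 port 41006 ssh2
Mar 10 08:50:00 bastion sshd[2219]: Failed password for bob from 198.51.100.21 port 41008 ssh2
Mar 10 09:05:00 bastion sshd[2221]: Failed password for bob from 198.51.100.21 port 41010 ssh2
"""

# Syslog lines carry no year, so one is supplied when parsing (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or return None for lines the
    rule does not understand (they are skipped, never a reason to crash)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "event": m["event"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return a list of (src, first_ts, last_ts, count) alerts. An alert fires
    the first time `threshold` failures from one source fall inside the
    sliding window; each source is reported at most once."""
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or rec["event"] != "Failed password":
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        # Drop failures that have aged out of the window relative to the newest.
        while (q[-1] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append((rec["src"], q[0], q[-1], len(q)))
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for label, window in (("60s window", 60), ("1h window", 3600)):
        print(f"--- {label} ---")
        for src, first, last, n in detect_bruteforce(lines, window_seconds=window):
            print(f"ALERT {src}: {n} failed logins between "
                  f"{first:%H:%M:%S} and {last:%H:%M:%S}")
```

With the default sixty-second window only 203.0.113.7 is reported; widening the window to an hour also catches 198.51.100.21, which spreads its five attempts across exactly one hour. The trade-off is the usual one in detection engineering: a longer window catches slower attackers but keeps more state per source and raises the chance of flagging a legitimate user who keeps mistyping a password.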
The third phase, response, begins once it is clear that the organization is under attack, whether detection worked well or the incident came to light some other way. Response focuses first on containing and minimizing the damage, which may mean shutting systems down or disconnecting victim systems from the network. It also covers business continuity: if primary servers or networks have to be taken offline, the organization may need to operate from a secondary site or fall back to manual processes. Server and data recovery belong to this phase as well. Once the attack has been stopped and business continuity is dealt with, a damage assessment and a thorough investigation are required to trace the source of the attack, the intermediate systems it passed through, and the full extent of the damage; professional forensic investigators may be needed here, and evidence (disk images, memory, logs) should be preserved before systems are wiped and rebuilt so that the investigation is still possible. The final step is to correct the weaknesses the investigation uncovers so that the same incident is far less likely to recur. Automated blocking by network intrusion prevention systems (NIPS), business continuity and disaster recovery procedures, and forensic tools are examples of response techniques.
Today almost every organization either has an active online presence or is building one, and with that exposure comes the responsibility to protect both its own information and its customers'. Using the technology means planning for the threats that come with it, and being prepared across all three phases rather than relying on prevention alone.
If you are looking to know more about Cryptography, Information Security, Network Security, Risk Assessment, and Access Control to differentiate yourself in the IT industry, then check BPB Online. We offer relevant and high-quality Cybersecurity books written by a community of instructors, experts, and leaders. You can also check our catalog on Amazon.