Information Security Protection Process



Information is a fundamental part of any entity and, like any other asset of the company, has fundamental value. Just as financial assets require a safe, information needs appropriate protection.

General objective

Clearly present all aspects of computer security and its implications.

Information Security Process

DEFINITION: In general, security is ‘the quality or state of being secure, of being free from danger’. In other words, protection against adversaries, against those who would do harm, intentionally or otherwise, is the objective. National security, for example, is a multilayered system that protects the sovereignty of a state, its assets, its resources and its people.

An organization's security also requires a multifaceted system. A successful organization must have the following security layers to protect its operations:

  • Physical security, to protect physical items, objects or areas from unauthorized access and misuse.
  • Personnel security, to protect the individual or group of people who are authorized to access the organization and its operations.
  • Operations security, to protect the details of a particular operation or series of activities.
  • Communications security, to protect communications media, technology and content.
  • Network security, to protect network components, connections and content.
  • Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved through the application of policies, education, training and awareness, and technology.

Assessment. In the evaluation phase, the documents from the research phase are studied.



The team carries out a preliminary analysis of existing security policies or programs, together with an analysis of current documented threats and associated controls. This phase also includes an analysis of relevant legal issues that could affect the design of the security solution. Increasingly, privacy laws have become an important consideration when making decisions about information systems that handle personal information. Recently, many states have implemented legislation concerning certain computer-related activities. A detailed understanding of these issues is vital. Risk management also begins at this stage. Risk management is the process of identifying, assessing and evaluating the levels of risk facing the organization, specifically the threats to the security of the organization and to the information it stores and processes.

A policy is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions and perform other tasks. Policies are organizational laws in the sense that they dictate acceptable and unacceptable behavior within the organization. Like laws, policies define what is right, what is wrong, what the penalties are for violating policy, and what the appeal process is. Standards, on the other hand, are more detailed statements of what must be done to comply with policy. They carry the same compliance requirements as policies. Standards can be informal or part of an organizational culture, as in de facto standards. Or standards can be published, analyzed and ratified by a group, as in formal or de jure standards. Finally, practices, procedures and guidelines explain how to comply with policy.

Figure 5-1 shows policies as the force that drives standards, which in turn drive practices, procedures and guidelines. Policies are implemented to support the mission, vision and strategic planning of an organization. The mission of an organization is a written statement of the organization's purpose.

Management must define three types of security policies:

  • Business Information Security Policies
  • Specific security policies


Specific security policies

For a policy to be effective and, therefore, legally enforceable, the following criteria must be met:

  • Dissemination (distribution): The organization must be able to demonstrate that the policy has been made readily available for review by the employee. Common dissemination techniques include printed copy and electronic distribution.
  • Review (reading): The organization must be able to demonstrate that the document was disseminated in intelligible form, including versions for employees who are illiterate, do not read English, or have reading difficulties. Common techniques include recording the policy in English and other languages.
  • Comprehension (understanding): The organization must be able to demonstrate that the employee understood the requirements and content of the policy. Common techniques include tests and other assessments.
  • Compliance (agreement): The organization must be able to demonstrate that the employee agrees to comply with the policy, by act or affirmation. Common techniques include login banners that require a specific action (a mouse click or keystroke) to confirm agreement, or a signed document that clearly indicates that the employee has read, understood and agreed to comply with the policy.
  • Uniform application: The organization must be able to demonstrate that the policy has been applied uniformly, regardless of employee status or assignment.



In the implementation phase, any necessary software is created. Components are ordered, received and tested. Subsequently, users receive training and supporting documents are created. Once all components have been tested individually, they are installed and tested as a system. A feasibility analysis is prepared again, and the system is then presented to the sponsors for a performance and acceptance test. At this stage, security solutions are acquired (made or bought), tested, implemented and tested again. Personnel issues are evaluated, and specific training and education programs are carried out. Finally, the entire tested package is presented to senior management for final approval.

KNOWLEDGE MAINTENANCE AND TRANSFER

Maintenance and change is the last phase, although perhaps the most important, given the current environment of constant threats. Today's information security systems need constant monitoring, testing, modification, updating and repair. Application systems developed within the framework of traditional security are not designed to anticipate a software attack that requires a certain degree of application reconstruction. In information security, the battle for stable and reliable systems is a defensive one. Often, repairing damage and restoring information is a constant effort against an invisible adversary. As new threats emerge and old threats evolve, the information security profile of an organization must constantly adapt to prevent threats from successfully penetrating confidential data. This constant vigilance can be compared to that of a fortress, where threats from outside as well as from within must be constantly monitored and controlled with continuously newer and more innovative technologies.


Entities must remember that regular audits are very important for defending their systems, so that no problems arise and no major weaknesses are found. Several types of audit are available in the computer security area, such as the company security audit. This audit concentrates on examining existing security levels, as well as the privacy with which the company's connections are maintained.


The information security process is fundamental in any entity today. The dependence on information systems and services means that organizations are more vulnerable to security threats. The interconnection of public and private networks and the sharing of information resources increase the difficulty of achieving access control. Hence the need for efficient security processes in any entity today.
