Information Cyber Security Process

Information Security Process

Security is a journey not a destination….

We follow many strategies and processes to curb security threats and attacks. Though we adapt many models, the below high-level security process encompasses a holistic approach for protecting information and also to avoid any kind of  security breach.

The uninterrupted aggressive growth of new threats targeting the system vulnerabilities requires timely alteration to the methodologies/activities in the prevention, detection, and response cycle.

Prevention:

Information is an asset that requires proportionate protection capabilities and security measures to protect information from unauthorized modification, destruction, or disclosure whether accidental or intentional.

During the prevention phase, security policies, controls and authorisation should be designed and implemented as per the management policy and other related functions.

Detection:

Detection of a system compromise is utmost crucial. The most important element of this strategy is timely detection and notification of a compromise. Intrusion detection tools, Security monitoring tools, NGFW, Sandboxing currently has the ability to distinguish normal system activity from malicious activity and help to detect and report an alarm or send notification to the right team.

Response:

The response plan should be written and approved by appropriate levels of management. A Computer Security Incident Response Team (CSIRT) should be established with specific roles and responsibilities identified to respond to the multiple events as per the criticality of the event. 

The response process should have an escalation point lead who assigns the responsibility of declaring an incident, coordinating the activities of the CSIRT, and communicating status reports to the higher management.  Management should review each incident case by case basis and act accordingly as per the agreed policy framework and take an appropriate decision.

The prevention, detection and response cycle should be a part of your process to ensure continuous improvement and successfully defeat the known and the unknown threats whether internal or external to the organisation.

Cybkey is a Cyber security IT Managed Professional services Organisation catering to all types of industries. Do not hesitate to reach us at info@cybkey.com for any Cyber security consulting or any security recommendation you may need for your Organisation.

Written by: Arun Velayudhan

(Founder/Technology Advisor)

Mail: arun.velayudhan@tutelage.co.in

Mail: info@cybkey.com

Leave a Reply

Your email address will not be published. Required fields are marked *