Report and communicate the results of findings and incidents via an effective process:
The result of a properly executed security architecture is improved CIA. Ultimately, this section is all about identifying and implementing controls. Everything aforementioned in this paragraph represents the key foundation of information security architecture. In most cases, it's also necessary to identify and implement specific technology to enforce these standards, policies, and processes. The primary goal here is to establish the necessary standards, policies, and processes to support the efforts of a security governance model. This in turn, allows for proper remediation against the vulnerabilities and threats that add unnecessary risk.ĭetermine which measures (standards, policy, process, and technology) will protect information: By identifying the vulnerabilities and threats against information assets, risk is better understood. As a result, it's essential to proactively identify these vulnerabilities and threats, and determine the likelihood that something will occur. Malware, viruses, worms, and operating system deficiencies are a constant threat to information assets. The goal here is to identify system vulnerabilities which are potential threats to hosted information assets. Identify vulnerabilities and potential threats, including likelihood of occurrence: Overall, this objective is relative to assigning and managing risk. In terms of classification confidentiality often refers to sensitivity and the required access controls to protect the data, availability is a measure of criticality, and integrity is based on accuracy. To determine which measures are necessary to adequately protect the information, the asset must be classified. The premise of this objective is to associate an owner to each information asset in order to assign the appropriate classification level.
It's always good info-sec practice to identify, classify, and assign a data/system owner.
Identifying and classifying information helps facilitate the decision making process regarding the level of security that is required to protect each information asset. Identify the information that requires the most protection: In order to accomplish this goal, the following six objectives must be met: The framework primarily consists of six separate objectives, all dependent on each-other to ultimately create a unified process with one purpose - to keep information safe and secure from unlawful or malicious intent. The purpose of this article is to present a systematic approach using a framework based on the principles of CIA to achieve a higher level of protection against information exposure and risk. The definition of information security as per Wikipedia is "a means of protecting information and information systems from unauthorized access, use, disclosure, modification, or destruction." Often referred to as CIA, this represents the core principals of information security as a "framework."
An effective security framework (a series of processes), ensures the confidentiality, integrity, and availability of this information. Information is a valuable asset to any person(s) or organization - that's a fact! As a result, it needs to be protected to ensure that it remains out of harm's way.