1.2. Understanding the Goals of Information Security

Like so many things, the goals of information security are straightforward. They create the framework that is used for developing and maintaining a security plan. They're remarkably easy to express but extremely hard to carry out. These goals are as follows:


Prevention

Prevention refers to preventing computer or information violations from occurring; it is much easier to deal with violations before they occur than after. Security breaches are also referred to as incidents. When an incident occurs, it may be the result of a breakdown in security procedures.

Incidents come in all shapes and sizes. Simple incidents include things such as losing a password or leaving a terminal logged on overnight. They can also be quite complex and result in the involvement of local or federal law enforcement personnel. If a group of hackers were to attack and deface your website, you would consider this a major incident. Ideally, your security procedures and policies would make you invulnerable to an attack; unfortunately, this isn't usually the case. The better your prevention policies, however, the lower the likelihood of a successful attack occurring.


Detection

Detection refers to identifying events when they occur. Detection is difficult in many situations; an attack on your system may occur over a long period before it's successful. Incident detection involves identifying the assets under attack, how the incident occurred, and who carried it out (or is still doing so). The detection process may involve a variety of complicated tools or a simple examination of the system log files. Detection activities should be ongoing and part of your information security policies and procedures.
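The simple log examination described above, as an added example that is not from the book: it scans authentication log lines for a login that succeeds after repeated failures spread over several days, and reports the asset, how it happened, and the source. The OpenSSH-style syslog format, the host name, addresses, year, and failure threshold are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH syslog style (not from a real system).
SAMPLE_LOG = """\
Mar  1 02:14:07 web01 sshd[811]: Failed password for admin from 203.0.113.7 port 40122 ssh2
Mar  1 09:30:11 web01 sshd[902]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar  2 03:41:55 web01 sshd[1440]: Failed password for admin from 203.0.113.7 port 40877 ssh2
Mar  3 01:05:19 web01 sshd[2101]: Failed password for invalid user backup from 192.0.2.44 port 33010 ssh2
Mar  4 04:22:31 web01 sshd[2987]: Failed password for admin from 203.0.113.7 port 41290 ssh2
Mar  5 02:58:02 web01 sshd[3555]: Accepted password for admin from 203.0.113.7 port 41733 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_guess_then_success(log_text, min_failures=3, year=2024):
    """Return one finding per (host, user, source) whose login succeeded
    after at least min_failures failed attempts from the same source."""
    failures = defaultdict(list)  # (host, user, src) -> failure timestamps
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        # Syslog timestamps omit the year, so it is supplied (assumed).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["user"], m["src"])
        if m["result"] == "Failed":
            failures[key].append(when)
            continue
        # Accepted login: report it if enough failures preceded it.
        if len(failures[key]) >= min_failures:
            findings.append({
                "asset": f"{m['user']}@{m['host']}",
                "how": f"{len(failures[key])} failed passwords, then success",
                "who": m["src"],
                "days_elapsed": (when - failures[key][0]).days,
            })
        failures[key].clear()  # a success resets the count for this key
    return findings
```

Because the failures here arrive roughly one per day, a check that only counts failures per minute or per hour would miss them; keeping the count until a success occurs is what catches the slow attempt.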


Response

Response refers to developing strategies and techniques to deal with an attack or loss. Developing an appropriate response to an incident involves several factors. If the incident was a probe, the attacker may have done no actual harm but may be gathering intelligence about your network or systems. These types of attacks may be random or targeted, and they usually cause little damage. Occasionally, an attack will be successful. When that happens, it is helpful to have a well-thought-out and tested plan you can use to respond, restore operation, and neutralize the threat. It's always better to have a set of procedures and methods in place to recover from an incident than to try to create those processes on the fly.

These goals are an important part of setting benchmarks for an organization. You can't allow these policies or goals to become insignificant. If you do, you and your organization are setting yourselves up for a surprise. Unfortunately, the surprise won't be pleasant, and it may be very costly to deal with.
