Question


The development of effective prevention, detection, and response procedures requires significant amounts of information and corporate intelligence as a basis for sound decision making. True / False

Solutions

Expert Solution

True-

The development of effective prevention, detection, and response procedures requires significant amounts of information and corporate intelligence as a basis for sound decision making, as explained below.

Information security is a process that can be grouped into three phases:

  1. Prevention
  2. Detection and
  3. Response

Each of the phases requires different types of protocols and strategies through which they will move to the next phase. A change in one phase may affect the entire process, so to ensure consistency we need a proactive strategy.

Let's understand what these three phases mean in information and corporate intelligence as a basis for sound decision making-

  1. Prevention- Information is an asset that requires protection commensurate with its value. Security measures must be taken to protect information from unauthorized modification and destruction. During the prevention phase, security policies, controls and processes should be designed and implemented. The information security policy is the cornerstone from which all else is built.
  2. Detection- Detection of a system compromise is extremely critical. With the ever-increasing threat environment, no matter what level of protection a system may have, it will get compromised given a greater level of motivation and skill. There is no foolproof “silver bullet” security solution. The most important element of this strategy is timely detection and modification in the controls. Intrusion detection systems (IDS) are utilized for this purpose.
  3. Response- The response to an incident should be planned well in advance. Making important decisions or developing policy while under attack is a recipe for disaster. The response plan should be written and ratified by appropriate levels of management. It should clearly prioritize different types of events and require a level of response suitable for the level of event/threat.

Note- As I have explained above, the information security process is a journey and not a destination. It is a dynamic process requiring skilled management and flexibility in corporate intelligence as a basis for sound decision making. In this way, the development of effective prevention, detection and response requires a significant amount of information (as nowadays information is the most valuable asset through which management makes decisions to diversify its operations) and corporate intelligence (used by top-level management) as a basis for sound decision making in the ongoing business process to secure data/information.

