The set of security controls should be designed to support and enforce the Information Security Policy and to minimize all recognized and potential threats. The controls will be considerably more cost effective if included within the design of all services. This ensures continued protection of all existing services and that new services are accessed in line with the policy.

There are various security threats to our infrastructure and we want to prevent or reduce the damage of these as much as possible. Prevention/Risk reduction measures assist us to do this. E.G. Antivirus systems, firewalls etc.

1. In the case that they do pass our prevention mechanisms, we need to have detection techniques to identify when and where they occurred.
2. Once a security incident has occurred, we want to repress or minimize the damage associated with this incident. We then want to correct any damage caused and recover our infrastructure to normal levels. E.G. Antivirus systems quarantining an affected file.
3. After this process we need to review how and why the breach occurred and how successful were we in responding to the breach.

To assist in identifying what controls are missing or ineffective, a matrix can be developed that analyzes each of the control measures used for the different perspectives of security that need to be protected and controlled.

The Information Security Measure Matrix is a useful tool in performing a gap analysis:
• Ensures there is a balance in measures
• Avoids a concentration of measures in either a certain perspective (e.g. technical) or of a certain measure (e.g. detection).

Remember: ultimately it’s a cost-benefit analysis that determines how much you invest in security.

Related Posts

News

ITIL PREDICTIVE ANALYTICS REPORT

  This ITIL report evaluates technologies and applications in terms of their business impact, adoption rate and maturity level to help users decide where and when to invest. The Predictive Analytics Scores below – ordered Read more…

News

Cybersecurity PREDICTIVE ANALYTICS REPORT

Read online and subscribe to Predictive Analytics Email Updates HERE You can have a say in which analytics you need in which timeframe: simply add your (anonymous) need to the list at https://theartofservice.com/predictive-analytics-topics-reports-urgency and we Read more…

News

Storage Technologies PREDICTIVE ANALYTICS REPORT

  This Storage Technologies report evaluates technologies and applications in terms of their business impact, adoption rate and maturity level to help users decide where and when to invest. This predictive analytics evaluates 36 storage-related Read more…