The Intelligence Cycle as a Tool for Effective Information Security Infrastructure Design

Abstract

Information Security infrastructures contain information that originates from an organization's day-to-day operations, is stored for current or future use and whose nature tends to fall into different categories. Because of the fact that virtually all organizations have grown to depend in their internal information systems to operate and take decisions, this information has to be safeguarded in order to assure its three main properties: Confidentiality, integrity and availability. Once this need is identified by an organization, the main challenge is the adequate planning and successful deployment of an InfoSec infrastructure, which are processes that are often prone to errors that lead to defective solutions, wasted resources and an increasing risk of information theft, destruction, alteration and unauthorized dissemination. The main concept addressed in this paper is the use of the Intelligence Cycle (IC) as a design tool that helps an organization to correctly assess the risks that the organization is facing, the InfoSec resources at hand and the ones that it needs, the way it will allocate these resources in order to put them to work for the benefit of the organization and the way it will monitor this infrastructure in order to assure a proper level of protection.