Information Security Frameworks

The fundamental conclusion is that there is not a one fit all concept that every organisation can apply that achieves 100% information security. A condensed overview of concepts, detail just the tip of the iceberg in a rapidly evolving world of InfoSec models and frameworks. Each concept has its strengths and weaknesses, and organisations should not approach the application of one with a silver bullet mentality.

The security landscape has changed significantly since the introduction of the personal computer and the internet. Before the turn of the millennium, most systems were research-oriented multi-user computers, with little focus on information confidentiality, integrity or availability. Today, over 35,000 new malware instances are identified every day with an increasing rate of related criminal activity and nation-state technology exploitation.

Formulating a distinction between the concepts of information security and information security management is an important requirement to protect against data theft and financial loss, alongside essential dynamics of consciousness, memory and the basic autonomy of human cognitive behaviour.

However, even with all the models and frameworks available to the InfoSec community, the most important concept is the human aspect. A breach could be motivated by personal motives or simply the result of ignorance with a level of ownership given to very user in an organisation to play their part in exhibiting secure behaviour. Everyone has to understand the importance of…