Prevent, Detect and Respond: Phases of Information Security Process

We are living in an information age. Almost everything we deal with has turned digital: our finances, business strategies and even physical facilities are centred on information. At a personal level, the money in our account is just a number on a banking portal. We chat with friends instead of writing letters, read newspapers online, and express ourselves on social media. If so much of our lives depends on information, then we will have to learn to protect it, if not today then tomorrow. It does not matter what profession we are in; we need to keep our information from falling into the wrong hands. The information age has permeated every aspect of our lives. We can love it or hate it, but we can't get away from it.

Information security, or infosec, is the practice of protecting information by mitigating information risks. How does information security differ from cybersecurity? Cybersecurity is concerned with protecting against attacks in cyberspace, that is, on digital systems and networks. Information security, in contrast, protects information from any form of threat, whether the information is analog or digital: a sensitive paper file left in an unlocked cabinet is an information security problem, but not a cybersecurity one.

Information security is a part of information risk management. Confidentiality, integrity, and availability (the CIA triad) are the fundamental principles of information security. At an organizational level, you always need a plan that mitigates threats and protects the confidentiality, integrity, and availability of your data. To prepare a strong plan, you need to be familiar with the following three distinct phases of information security planning.

Prevent

The first priority of any information security plan is to prevent any breach of the confidentiality, integrity, or availability of information. Most security investment goes into prevention. Organizations have to understand the threats and risks to their information and the ways to stop those threats from materializing. Network intrusion prevention systems (NIPS), firewalls, passwords, MAC address filtering (a weak control on its own, since MAC addresses are trivially spoofed), etc. are examples of prevention techniques.

Detect

As we are all aware, it is simply not possible to stop every attack, so the next goal is to detect an attack as soon as possible. There have been instances where an attacker infiltrated a network and remained there for months without being detected. Prolonged exposure gives attackers ample time to sit in the network, sift through it, and extract sensitive information. Timely detection of an attack in progress can greatly limit the impact of a successful intrusion. With the advent of crypto-mining malware, attackers also aim to stay in the network undetected for as long as possible in order to use its resources (computational power and bandwidth). Log analysis, network intrusion detection systems (NIDS), closed-circuit television (CCTV), motion-detection cameras, security audits, etc. are examples of detection techniques.
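Log analysis is the most accessible of the detection techniques listed above, so here is a small worked example of what it looks like in practice. This is an added example and not code from the original article: it parses a handful of constructed OpenSSH `sshd` authentication log lines (the hosts, usernames and addresses are made up; the addresses come from the reserved documentation ranges), flags a source address that produces a burst of failed logins inside a short window, and, more importantly, flags a successful login from an address that was brute-forcing moments earlier, which is the signal that tells you the attacker is now inside. The threshold and window values are assumptions to tune for your environment.

```python
"""Brute-force and follow-on-login detection over sshd auth-log lines.

Added example with constructed sample data; not from any real system.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the two OpenSSH messages of interest:
#   "Failed password for [invalid user] USER from IP port N ssh2"
#   "Accepted password for USER from IP port N ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log lines (hostname, users and addresses are made up;
# 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges).
SAMPLE_LINES = [
    "Jan 10 03:14:10 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 52311 ssh2",
    "Jan 10 03:14:12 web01 sshd[2213]: Failed password for root from 203.0.113.5 port 52315 ssh2",
    "Jan 10 03:14:15 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.5 port 52320 ssh2",
    "Jan 10 03:14:18 web01 sshd[2218]: Failed password for invalid user test from 203.0.113.5 port 52331 ssh2",
    "Jan 10 03:14:21 web01 sshd[2220]: Failed password for invalid user oracle from 203.0.113.5 port 52340 ssh2",
    "Jan 10 03:14:40 web01 sshd[2231]: Accepted password for deploy from 203.0.113.5 port 52399 ssh2",
    "Jan 10 03:20:00 web01 sshd[2290]: Failed password for bob from 198.51.100.7 port 4001 ssh2",
    "Jan 10 03:21:00 web01 sshd[2292]: Accepted password for bob from 198.51.100.7 port 4002 ssh2",
    "Jan 10 03:22:00 web01 sshd[2300]: Connection closed by 198.51.100.7 port 4002 [preauth]",
]


def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip) or None for lines we ignore.

    Syslog timestamps carry no year, so one is supplied (assumed 2024).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Return a list of (kind, ip, timestamp) alerts in log order.

    "brute_force"           - an IP produced `threshold` failures within `window`
    "login_after_failures"  - an IP flagged for brute force then logged in
                              successfully within `window` of being flagged
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = {}                   # ip -> time it was last flagged
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, ip = parsed
        if result == "Failed":
            recent = failures[ip]
            recent.append(ts)
            # Drop failures that have aged out of the sliding window.
            while recent and ts - recent[0] > window:
                recent.popleft()
            # Raise one alert per burst, not one per failure.
            if len(recent) >= threshold and (
                ip not in flagged or ts - flagged[ip] > window
            ):
                flagged[ip] = ts
                alerts.append(("brute_force", ip, ts))
        elif result == "Accepted":
            # A success right after a burst of failures is the real finding.
            if ip in flagged and ts - flagged[ip] <= window:
                alerts.append(("login_after_failures", ip, ts))
    return alerts


if __name__ == "__main__":
    for kind, ip, ts in detect(SAMPLE_LINES):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:<22} {ip}")
```

Run against the constructed lines, the script reports a brute-force burst from 203.0.113.5 at 03:14:21 and a successful login from the same address at 03:14:40; the single failed and then successful login for `bob` from 198.51.100.7 is left alone, which is the point of a windowed threshold rather than alerting on every failure. In production the same logic would read from the system journal or a log pipeline rather than a list, and the alert would feed the response phase described next.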

Respond

Once it is clear that an organization is under attack, whether that knowledge came from the detection process or from elsewhere, responding appropriately is the next goal of information security. The response focuses on containing and minimizing the damage, which may include shutting systems down or disconnecting victim systems from the network. It also covers business continuity if primary servers or networks have to be disconnected, which may mean operating from a secondary site or falling back to manual processes. Server and data recovery are also part of this phase. Once the attack has been stopped and business continuity dealt with, a damage assessment and thorough investigation are required to trace the source of the attack, the intermediate systems the attacker moved through, and the extent of the damage caused. Professional forensic investigators may be needed for this step. The final step is to correct the weaknesses that were exploited so that the same incident is far less likely to recur. Automated blocking by a network intrusion prevention system (NIPS), business continuity and disaster recovery procedures, and forensic tools are examples of response techniques.

Today all organizations either have an active online presence or are in the process of building one. With so much exposure, organizations are responsible for protecting themselves and their customers' information, and they have to strategize and prepare for the darker side of the technology they use.

There’s more

If you are looking to learn more about cryptography, information security, network security, risk assessment, and access control to differentiate yourself in the IT industry, then check out BPB Online. We offer relevant and high-quality cybersecurity books written by a community of instructors, experts, and leaders. You can also check our catalog on Amazon.

Network Security book

Check out our book on Practical Network Security 

Designed for network engineers, IT heads, network managers, network planning engineers, and network operations engineers interested in understanding network security.

Key takeaways 

  • Implementing Network Security
  • Secure Change Management
  • Vulnerability and Risk Management
  • Capacity Management
  • Network Monitoring
  • Information Security