ABSTRACT

Information security (InfoSec) has become an important part of every information technology (IT) infrastructure, from small deployments to enterprise-scale systems. These infrastructures contain information that originates from an organization’s day-to-day operations and is stored for current or future use, and whose nature tends to fall into different categories. Because of the fact that virtually all organizations have grown to depend in their internal information systems to operate and make decisions, this information has to be safeguarded in order to assure its three

Contents 21.1 Introduction ................................................................................................................... 426 21.2 Intelligence Cycle Concept ............................................................................................. 427 21.3 Cycle and Its Elements ................................................................................................... 428

21.3.1 Planning ............................................................................................................. 428 21.3.2 Investigation and Collection ............................................................................... 430 21.3.3 Analysis and Production ......................................................................................431 21.3.4 Dissemination and Utilization ............................................................................ 433

21.4 Conclusions .................................................................................................................... 434 References ................................................................................................................................435

main properties: confidentiality, integrity, and availability. Once this need is identified by an organization, the main challenge is adequate planning and successful deployment of an InfoSec infrastructure, which are processes that are often prone to errors that lead to defective solutions; wasted resources; and an increasing risk of information theft, destruction, alteration, and unauthorized dissemination. The main concept addressed in this chapter is the use of intelligence cycle (IC) as a design tool that helps an organization to correctly assess the risks that the organization is facing, the InfoSec resources at hand and the ones that it needs, the way it will allocate these resources in order to put them to work for the benefit of the organization, and the way it will monitor this infrastructure in order to assure a proper level of protection.