Security Framework for Information Systems

Nowadays, information is one of the most important resources in an organization, supporting most of the business processes. So, organizations must try to guarantee at all times information's fundamental properties: confidentiality, integrity, and availability. Information Systems are a determining factor for the organization's capability, consisting of a tool that stimulates its productivity, indispensable in the decision making process at the various levels of management. The current network society supported primarily through Internet, presents new threats to information networks that support organizational Information Systems, independently of their dimension, nature, organization and technological resources. This scenario requires the utilization of a Security Framework in order to guarantee the information security, and also to integrate a set of different organizational views: a scientific community (conceptual model); decider's perception (behavioural model); and a technological model, as support for business processes. An established security policy and operational identification and evaluation methodology of risk must be distinguished in order to protect an organization from threats towards its information systems or information resources which it is responsible for. In this paper we propose a Security Framework for organizational Information Systems, to guarantee the security of the major information actives and to serve as a possible model of security information management, to supporting the decision making process on information security and management. We search to minimize the possible actions of Information Warfare / Competitive Intelligence, outlining in this framework the various standards of good information security practises. We have as an objective to guarantee the protection of Information Systems from the various methods of attack in use and types of weapons utilized.