Detection

Definition: Detection, within the context of information security, means recognizing an attempted intrusion or unauthorized access to an information infrastructure. Early discovery of malicious software or other threats is essential. Specialized hardware and software can be programmed or configured, based upon specific Internet telecommunication protocols, to do so. Data packets can be inspected as they arrive to determine if the traffic is authorized or contains the “signatures” or appearance of malware. Suspicious electronic data can then be eliminated. SaaS (Software as a Service) providers are now providing intrusion capabilities.

Its Relevance: Computer and network owners need to use hardware and software that quickly recognizes and mitigates threats in “real time”. The specific methods and procedures that are used need to be detailed in the organization’s information security policies. Related activities include actions to be taken, forensics and “lessons learned”. Without the capacity to discover unauthorized access to a system the successful malicious user could enjoy unending exploitation of your information resources.