Information Security Model to Military Organizations in Environment of Information Warfare

This article proposes a model to maximize the information security within military organizations, inserted in environment of Information Warfare. It attempts to answer three fundamental questions, what to do, why and how? to protect the information and Information Systems of possible incidents related to the information security that may affect confidentiality, integrity and availability of information. The main variables to be considered are defined and their possible values are proposed. These variables are obtained by means of an interpretative epistemological approach, through a literature review, the use of research methods of Contents Analysis, Focus Group and the General Morphologic Analysis method. To respond in an integrated manner to the three questions above, the model considers the possible incidents of information security in Information Systems, taking into account primarily the main components of the security risks of Information Systems that collect, store, process, transmit and disseminate the information. Its operation is guided by the military concepts of Information Warfare, Information Assurance, the most important principles of war applied to Defensive Operations and the military doctrine of Information Operations. Given the type of problem identified in the study, focusing primarily on the analysis of scenarios of information security incidents and interconnection with the planning and selection of security controls, the method used is the General Morphological Analysis. This method allows for the prediction of possible scenarios of incidents related to information security at the organizational level, which results in the selection of the most efficient solution of security controls, to maximize the security of information. Information security must guarantee confidentiality, integrity and availability of information and seeks to contribute, by means of the operational implementation of the military concept of Information Assurance, to achieve the information superiority.