Acquisitions and implementations are necessary for adequate information security. To realize the information security strategy, information security solutions need to be identified, developed or acquired, as well as implemented and integrated into business and IT processes seamlessly. During an information security product or service acquisition and implementation cycle, changes and maintenance may be required to sustain continued service quality for impacted systems or processes.
Within an entity’s organizational structure, providing acceptable service delivery necessitates the installation of an effective support system. Information security service delivery and support may range from operational protection deployment to crisis response training. However, assessing changes in, and maintenance of, existing systems are critical security service components contributing to delivery value. Required information protection changes and maintenance can be induced through various problems encountered by users or deliberate attacks on the established information security architecture.