What is Information Assurance?
Although the term Information Assurance (IA) may have a modern sound, the concept has, according to McKnight (2002), been around since the times of the Roman Empire, when parchment scrolls were sealed with wax to authenticate the sender. The practice of protecting information has changed along with the means of transporting information. In the days of the Pony Express, the army helped protect riders to ensure the mail would safely arrive at the intended destination.
Defining Information Assurance
The term assurance has many meanings. In the context of information, it is defined as a measure of confidence that the security features and architecture of an information system accurately mediate and enforce the defined security policy. This assumes that a security policy has been defined, a security architecture has been approved, and security features have been implemented. This confidence is based on analysis involving theory, testing, software engineering, and validation and verification (McKnight, 2002).
Information Assurance and Information Security
Whereas Information Assurance is defined as a measure of confidence, many people not directly involved with IA confuse the concept with Information Security, which deals more with providing the means to protect the systems. The two do, however, work closely together, and some concepts would seem to overlap. Indeed, the CIA (Confidentiality, Integrity, and Availability) triad of Information Security very closely aligns with the five attributes of Information Assurance, which are availability, integrity, authentication, confidentiality, and non-repudiation.
The following is an analysis of the five attributes of Information Assurance and how they relate to the Information Security concepts of the CIA triad:
- Availability
The CIA triad component of availability establishes a goal to provide “timely and reliable access to and use of information” (Stallings and Brown, 2008), whereas the Information Assurance attribute of availability provides a measure of confidence that the state exists where “information is in the place needed by the user, at the time the user needs it, and in the form needed by the user” (McKnight, 2002).
- Integrity
The CIA triad component of integrity seeks to ensure that “information and programs are changed only in a specified and authorized manner” (Stallings and Brown, 2008) and that “a system performs its intended function in an unimpaired manner” (Stallings and Brown, 2008), whereas the Information Assurance attribute of integrity provides a measure of confidence that the state of a system is in a “sound, unimpaired, or perfect condition” (McKnight, 2002).
- Confidentiality
The CIA triad component of confidentiality preserves “authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information” (Stallings and Brown, 2008), whereas the Information Assurance attribute of confidentiality provides a measure of confidence that sensitive data is held “in confidence, limited to an appropriate set of individuals or organizations” (McKnight, 2002).
- Authentication
Authentication as an attribute of Information Assurance provides a measure of confidence that, according to McKnight (2002), users or processes that access information are who they say they are and have the appropriate rights to access that information. Authentication does not directly correlate to the CIA triad, but proper implementation of confidentiality would ensure that authentication guidelines are met.
- Non-Repudiation
The Information Assurance attribute of non-repudiation seeks to remove the validity of a repudiation claim by providing “a service that provides ‘proof of the integrity and origin of data, both in an unforgeable relationship, which can be verified by any third party at any time; or, an authentication that with high assurance can be asserted to be genuine, and that cannot subsequently be refuted’ [5]” (McKnight, 2002).
Conclusion
The provided definition of Information Assurance should remove the confusion that misrepresents this discipline as Information Security. The preceding analysis of the CIA triad compared to the attributes of Information Assurance, however, demonstrates the close relationship between these two disciplines. This relationship could be summarized by stating that Information Security is the discipline of defining and implementing the “tasks of guarding digital information, which is typically processed by a computer” (Ciampa, 2005), while the discipline of Information Assurance provides a degree of confidence that the implemented Information Security policies and features are effective.
References
Ciampa, M. (2005). Chapter 1: Information security fundamentals [PowerPoint presentation]. Security+ Guide to Network Security Fundamentals (2nd ed.). Course Technology.
McKnight, W. L. (2002). What is information assurance? CrossTalk: The Journal of Defense Software Engineering. Retrieved July 13, 2008 from http://www.stsc.hill.af.mil/crosstalk/2002/0/mcknight.html.
Stallings, W., and Brown, L. (2008). Chapter 1: Overview. Computer Security Principles and Practice. Upper Saddle River, NJ: Pearson Education Inc.
Michael Rauch is a graduate Information Technology student specializing in Information Security. Michael has developed an interest in Internet Security for the family and this interest is reflected in the site The CheyTech Group. Article Source: http://www.articlesbase.com/security-articles/what-is-information-assurance-1142179.html