Identity Theft is the fastest growing crime in the US according to the FBI
 

What is Information Assurance?

Written by OSAblog on Sunday, August 23rd, 2009

Although the term Information Assurance (IA) may have a modern sound, the concept has, according to McKnight (2002), been around since the times of the Roman Empire when parchment scrolls were sealed with wax to authenticate the sender.  The practice of protecting information has changed along with the means of transporting information.  In the days of the pony express the army helped protect riders to ensure the mail would safely arrive at the intended destination.

Defining Information Assurance

The term assurance has many meanings. In the context of information, it is defined as a measure of confidence that the security features and architecture of an information system accurately mediates and enforces the defined security policy. This assumes that a security policy has been defined, security architecture has been approved, and security features have been implemented. This confidence is based on analysis involving theory, testing, software engineering, and validation and verification. (McKnight, 2002).

Information Assurance and Information Security

Whereas Information Assurance is defined as a measure of confidence, many people not directly involved with IA confuse the concept with Information Security which deals more with providing the means to protect the systems.  The two do, however, work closely together and some concepts would seem to overlap.  Indeed, the CIA (Confidentiality, Integrity, and Availability) triad of Information Security very closely aligns with the five attributes of Information Assurance, which are availability, integrity, authentication, confidentiality, and non-repudiation.

The following is an analysis of the five attributes of Information Assurance and how they relate to the Information Security concepts of the CIA triad:

  • Availability

The CIA triad component of availability establishes a goal to provide “timely and reliable access to and use of information” (Stallings and Brown, 2008).  Whereas, the Information Assurance attribute of availability provides a measure of confidence that the state exists where “information is in the place needed by the user, at the time the user needs it, and in the form needed by the user” (McKnight, 2002).

  • Integrity

The CIA triad component of integrity seeks to ensure that “information and programs are changed only in a specified and authorized manner” (Stallings and Brown, 2008) and that “a system performs its intended function in an unimpaired manner” (Stallings and Brown, 2008).  Whereas, the Information Assurance attribute of integrity provides a measure of confidence that the state of a system is in a “sound, unimpaired, or perfect condition” (McKnight, 2002).

  • Confidentiality

The CIA component of confidentiality preserves “authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information” (Stallings and Brown, 2008).  Whereas, the Information Assurance attribute of confidentiality provides a measure of confidence that sensitive data is held “in confidence, limited to an appropriate set of individuals or organizations” (McKnight, 2002).

  • Authentication

Authentication as an attribute of Information Assurance provides a measure of confidence that, according to McKnight (2002), users or processes that access information are who they say they are and have the appropriate rights to access that information.  Authentication does not directly correlate to the CIA triad but proper implementation of confidentiality would ensure that authentication guidelines are met.

  • Non-Repudiation

The Information Assurance attribute of non-repudiation seeks to remove the validity of such a claim by providing “a service that provides ‘proof of the integrity and origin of data, both in an unforgeable relationship, which can be verified by any third party at any time; or, an authentication that with high assurance can be asserted to be genuine, and that cannot subsequently be refuted’ [5]” (McKnight, 2002).

Conclusion

The provided definition of Information Assurance should remove the confusion that mis-represents this discipline as Information Security.  The preceding analysis of the CIA triad compared to the attributes of Information Assurance, however, demonstrates the close relationship between these two disciplines.  This relationship could be summarized by stating that Information Security is the discipline of defining and implementing the “tasks of guarding digital information, which is typically processed by a computer” (Ciampa, 2005) while the discipline of Information Assurance provides a degree of confidence that the implemented Information Security policies and features are effective. 

References

Ciampa, M. (2005). Chapter 1: Information security
     fundamentals [Power Point Presentation]. Security+
     Guide to Network Security Fundamentals(2nd Ed.).
     Course Technology.

McKnight, W., L., Dr. (2002). What is information assurance?
     CrossTalk The Journal of Defense Software Engineering.
     Retrieved July 13, 2008 from
     http://www.stsc.hill.af.mil/crosstalk/2002/0/mcknight.html.

Stallings, W., and Brown, L. (2008). Chapter 1: Overview.
     Computer Security Principles and Practice. Upper Saddle
     River, NJ: Pearson Education Inc.

Michael Rauch is a graaduate Information Technology student specializing in Information Security. Nichael has developed an interest in Internet Security for the family and this interest is reflected in the site The CheyTech Group.

Article Source:http://www.articlesbase.com/security-articles/what-is-information-assurance-1142179.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

Technorati Tags: , , , , , , , , , , , , , , , , , , ,

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • Keystroke Logger - Symantec Reveals Keylogger Priced at $23 Yes, that's the average price for every keylogger software sold in the black market and the most expensive malicious software kit was sold only at $225 in 2008. If you see from the price range, everyone with the money can buy the software and use it for their own purpose.......
  • Defender 2009 – A Rogue Security Program Defender 2009 is a rogue security program that wants users to believe it is capable of removing spyware, viruses, parasites and other security threats from their PC. Hackers design these malicious applications in hopes of frightening you enough that you will purchase their product. This one is not capable of......
  • Online parental settings It is always the duty of the parents to provide the best education to their children. Amidst this, if they find that their kids are misutilising their free time and surfing banned sites, that becomes a grave issue. This is where online parental settings become useful. Through the online parental......
  • Information Security Titles “Out Of Control”         We are in an era where Security and Compliance have made it to the forefront of corporate board room discussions. It is now one of the key topics on the agenda.  Are we protecting our corporate and personal data?  Are we meeting both corporate and regulatory requirements as it......
  • A Protocol for Secure Multi-Party Computation for Preserving Privacy during Data Mining Durgesh Kumar Mishra, Manohar Chandwani Acropolis Institute of Technology and Research, Indore, MP, IndiaIET-DAVV, Indore, MP, India IJCSIS FULL PAPER DOWNLOAD (Click) 1. INTRODUCTIONThe SMC has been a problem that has attracted the attention of scholars and the industry for quite some time. Ironically, it has always been perceived as......
Blog Traffic Exchange Related Websites
  • Eminem, Rihanna Top New Ultimate Chart 'Love the Way You Lie' is #1 on BigChampagne's chart, which factors Internet popularity into its rankings.By Kyle Anderson Eminem Photo: Robyn Beck/ AFP/ Getty Images For half a century, the Billboard Hot 100 has been thought to be the most accurate bellwether of what the biggest songs are. Every......
  • work_retireWorking after Receiving Social Security at Age 62 There are sound financial reasons for waiting to your full retirement age to claim Social Security retirement benefits.  Delaying Social Security until age 70 can enhance those benefits even more.  Nevertheless, many baby boomers will determine that they must or should begin receiving benefits at age 62. Unfortunately, many retirees......
  • Google Acquires ITA Software, Inc. (NASDAQ: GOOG) On July 1, 2010, ITA Software, Inc., (a flight information software company) and Google, Inc. announced they have signed a definitive agreement for Google to acquire ITA Software, Inc., for $700 million in cash (subject to adjustments and customary closing conditions). As stated in a Google press release, “ITA’s very......
  • calculatorUsing the Online Social Security Retirement Benefit Estimator Baby boomers and others thinking ahead about retirement wait patiently and sometimes anxiously for the delivery of their annual paper copy of their Social Security earnings record and benefit estimate.  Mr. GoTo's statement arrives each September.  The benefit estimate information in this statement is useful in several ways.  First, it is a reality check for baby boomers who......
  • social_security_online_applicationHow to Apply for Social Security Benefits Online At last the Social Security Administration is allowing us to apply for Social Security retirement benefits online. Until now, you had to visit a local Social Security office or attempt to apply by telephone.  Now, there is a link directly from the Social Security home page. This is a......
 

Leave a Comment

CommentLuv Enabled

« Kaspersky; Ups the ante | Home | Tools Restricting Malicious Online Resources »