What is Information Assurance (IA)?
Information Assurance (IA) is the practice of managing information-related risks and the steps involved to protect information systems such as computer and network systems.
The US Government's definition of information assurance is:
“measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”
The 5 pillars of Information Assurance
Information Assurance (IA) is essentially protecting information systems, and is often associated with the following five pillars:
The five pillars of information assurance can be applied various ways, depending on the sensitivity of your organization’s information or information systems. Currently, these five pillars are used at the heart of the US Government’s ability to conduct safe and secure operations in a global environment.
Integrity involves assurance that all information systems are protected and not tampered with. IA aims to maintain integrity through anti-virus software on all computer systems and ensuring all staff with access know how to appropriately use their systems to minimize malware, or viruses entering information systems.
IT Governance provides a variety of E-learning courses to improve staff awareness on topics such as phishing and ransomware to reduce the likelihood of systems being breached; and data being exposed.
Availability means those who need access to information, are allowed to access it. Information should be available to only those who are aware of the risks associated with information systems.
Authentication involves ensuring those who have access to information are who they say they are. Ways of improving authentication include methods such as two-factor authentication, strong passwords, biometrics, and other devices. Authentication may also be used to itentify not only users, but also other devices.
IA involves the confidentiality of information, meaning only those with authorization may view certain data. This step is closely mirrored by the six data processing principles of the General Data Protection Regulation (GDPR), whereby personal data must be processed in a secure manner "using appropriate technical and oganizational measures" ("integrity and confidentiality").
The final pillar means someone with access to your organization’s information system cannot deny having completed an action within the system, as there should be methods in place to prove that they did make said action.