Select regional store:

Information Assurance(IA): definition & explanation

What is Information Assurance (IA)?

Information Assurance (IA) is the practice of managing information-related risks and the steps involved to protect information systems such as computer and network systems. 

The US Government's definition of information assurance is:

“measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”

The 5 pillars of Information Assurance

Information Assurance (IA) is essentially protecting information systems, and is often associated with the following five pillars:

  1. Integrity
  2. Availability
  3. Authentication
  4. Confidentiality
  5. Nonrepudiation

The five pillars of information assurance can be applied various ways, depending on the sensitivity of your organization’s information or information systems. Currently, these five pillars are used at the heart of the US Government’s ability to conduct safe and secure operations in a global environment.

Free PDF download: NIST CSF and ISO 27001 – Becoming cyber secure

The NIST Cybersecurity Framework is a framework that organizations can use to manage and reduce their cybersecurity risks. ISO 27001 sets out the requirements for a best-practice ISMS (information security management system).

Both frameworks are closely aligned, making ISO 27001 an excellent way to comply with the NIST CSF. Learn how they can benefit your organization in our free paper.

Download now

1. Integrity

Integrity involves assurance that all information systems are protected and not tampered with. IA aims to maintain integrity through anti-virus software on all computer systems and ensuring all staff with access know how to appropriately use their systems to minimize malware, or viruses entering information systems.

IT Governance provides a variety of E-learning courses to improve staff awareness on topics such as phishing and ransomware to reduce the likelihood of systems being breached; and data being exposed. 

2. Availability

Availability means those who need access to information, are allowed to access it. Information should be available to only those who are aware of the risks associated with information systems. 

3. Authentication

Authentication involves ensuring those who have access to information are who they say they are. Ways of improving authentication include methods such as two-factor authentication, strong passwords, biometrics, and other devices. Authentication may also be used to itentify not only users, but also other devices. 

4. Confidentiality

IA involves the confidentiality of information, meaning only those with authorization may view certain data. This step is closely mirrored by the six data processing principles of the General Data Protection Regulation (GDPR), whereby personal data must be processed in a secure manner "using appropriate technical and oganizational measures" ("integrity and confidentiality").

5. Nonrepudiation

The final pillar means someone with access to your organization’s information system cannot deny having completed an action within the system, as there should be methods in place to prove that they did make said action.

This website uses cookies. View our cookie policy