What is Information Assurance (IA)?
Information Assurance (IA) is the practice of managing information-related risks and the steps involved to protect information systems such as computer and network systems. The IA transformation is a partnership that stretches across the Department of Defense (DoD), Office of National Intelligence, Committee on National Security Systems, National Institute of Science and Technology (NIST), and the Office of Management and Budget.
The US Government's definition of information assurance is:
“measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”
Information Assurance (IA) is essentially protecting information systems, and is often associated with the following five pillars:
The following pillars can be applied in a variety of ways, depending on the sensitivity of the information, or information systems within your organization. Currently, these five pillars are used at the heart of the US Governments ability to conduct safe and secure operations in a global environment.
Integrity involves assurance that all information systems are protected and not tampered with. IA aims to maintain integrity through means such as anti-virus software on all computer system, and ensuring all staff with access to know how to appropriately use their systems to minimize malware, or viruses entering information systems.
IT Governance provides a variety of E-learning courses to improve staff awareness on topics such as phishing and ransomware, as a means to reduce the likelihood of system being breached, and data exposed.
Availability simply means those who need access to information, are allowed to access it. Information should be available to only those who are aware of the risks associated with information systems.
Authentication involves ensuring those who have access to information, are who they say they are. Ways of improving authentication involve methods such as two-factor authentication, strong passwords, bio-metrics and other devices. Authentication may also be used to not only identify users, but also other devices.
IA involves the confidentiality of information, meaning only those with authorization may view certain data. This step is closely mirrored by the six data processing principles of the General Data Protection Regulation (GDPR), where by personal data must be processed in a secure manner "using appropriate technical and oganizational measures" ("integrity and confidentiality").
The final pillar simply means someone with access to your organizations information system cannot deny having completed an action within the system, as there should be methods in place to prove that they did make said action.