What is Information Assurance (IA), how is it different from Information Security, and what is its scope?
Importance of people in Information Assurance and
the Information Assurance 3-Dimensional Model
2. Definition:
Information Assurance (IA) is the term for the
management of risks associated with the
information systems of an organisation. IA is defined
as the set of measures applied to protect the
information systems and the information of an
organisation. It ensures the
Availability, Integrity, Authentication, Confidentiality
and Non-repudiation of an organisation's information
and IS.
3. Definition According to the
Information System Security Committee
(NSTISSC)
"Information operations (IO) that protect and defend
information and information systems by ensuring their
Availability, Integrity, Authentication, Confidentiality and
Non-repudiation. This includes providing for restoration of
information systems by incorporating protection, detection
and reaction capabilities."
4. Difference between Information Security and IA
Information Assurance
■ Focuses mainly on strategy.
■ Covers information management
and protection in a larger domain.
■ Keeps focus on the overall risk
management for the security of an
organization.
Information Security
■ Focuses primarily on tools and
tactics.
■ Gives importance and priority to
technology and operation.
■ Concentrates on application and
infrastructure developed to provide
security.
6. Integrity:
Integrity involves making sure that an information system remains unscathed and that no one has tampered
with it. IA takes steps to maintain integrity, such as having anti-virus software in place so that data will not be
altered or destroyed, and having policies in place so that users know how to properly utilize their systems to
minimize malicious code from entering them.
Availability:
Availability is the facet of IA where information must be available for use by those that are allowed to
access it. Protecting the availability can involve protecting against malicious code, hackers and any other
threat that could block access to the information system.
Authentication:
Authentication involves ensuring that users are who they say they are. Methods used for authentication are
user names, passwords, biometrics, tokens and other devices. Authentication is also used in other ways --
not just for identifying users, but also for identifying devices and data messages.
7. Confidentiality:
IA involves keeping information confidential. This means that only those authorized to view information are
allowed access to it. Information needs to be kept confidential. This is commonly found, for example, in the
military, where information is classified or only people with certain clearance levels are allowed access to
highly confidential information.
Non-repudiation:
The final pillar is nonrepudiation. This means that someone cannot deny having completed an action
because there will be proof that they did it.
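
The difference between the integrity, authentication and non-repudiation services described above, as an added example that is not part of the original slides. It assumes a sender and receiver who share one secret key and protect messages with HMAC-SHA256; the key and messages are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one secret key shared by sender and receiver.
SHARED_KEY = secrets.token_bytes(32)


def tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time check that the tag matches the message."""
    return hmac.compare_digest(tag(key, message), mac)


def demo() -> dict:
    original = b"transfer 100 to account 42"  # constructed message
    mac = tag(SHARED_KEY, original)           # sender attaches this tag
    results = {}

    # Integrity and message authentication: the untouched message verifies.
    results["untampered_ok"] = verify(SHARED_KEY, original, mac)

    # Integrity: a change made in transit no longer matches the tag.
    tampered = b"transfer 900 to account 42"
    results["tampered_ok"] = verify(SHARED_KEY, tampered, mac)

    # Authentication: a party without the shared key cannot make a valid tag.
    outsider_mac = tag(secrets.token_bytes(32), original)
    results["wrong_key_ok"] = verify(SHARED_KEY, original, outsider_mac)

    # No non-repudiation: the receiver holds the same key, so it can create
    # a valid tag for a message the sender never wrote. The tag is therefore
    # not proof to a third party of who produced the message.
    forged = b"transfer 100 to account 99"
    results["receiver_forgery_ok"] = verify(SHARED_KEY, forged, tag(SHARED_KEY, forged))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Non-repudiation needs a mechanism where only the signer holds the signing secret, such as a digital signature made with a private key and checked with the matching public key.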
8. 3-D IA Model
IA is not limited to protection only;
it extends to taking
offensive measures as well in order to
secure the information systems and
the information. The scope of IA is very
wide.
IA is not a single discipline, as stated
earlier. It also covers multiple
dimensions. The 3-D IA model covers
information states, security services,
and security countermeasures that
are established over time. This model
can be represented as shown in
the figure.
9. The three-dimensional IA model is explained as follows:
o Information states:
Information resides in a system in stored form, processed form or transmitted form. These
three forms are referred to as the states of information. Information may also exist in more
than one state at once. For example, information being transmitted is usually stored on disks
at the sender's end, so this information would be in both the transmitted and stored states.
o Security services:
Five essential security services are provided in the IA model. The services are
Availability, Integrity, Authentication, Confidentiality and Non-repudiation, which we have
already discussed.
o Security countermeasures:
After the risks are assessed and analysed, it is time to react. Your systems must include
certain countermeasures for maintaining security and IA. These security
countermeasures are applied against vulnerabilities through technology, people and
operations. In terms of technology, you can use cryptography, firewalls, routers, intrusion
detection systems and a number of other components for the maintenance of IA.