What is Information Assurance?

Although the term Information Assurance (IA) may have a modern sound, the concept has, according to McKnight (2002), been around since the times of the Roman Empire, when parchment scrolls were sealed with wax to authenticate the sender. The practice of protecting information has changed along with the means of transporting information. In the days of the Pony Express, the army helped protect riders to ensure the mail would safely arrive at the intended destination.

Defining Information Assurance

The term assurance has many meanings. In the context of information, it is defined as a measure of confidence that the security features and architecture of an information system accurately mediate and enforce the defined security policy. This assumes that a security policy has been defined, security architecture has been approved, and security features have been implemented. This confidence is based on analysis involving theory, testing, software engineering, and validation and verification (McKnight, 2002).

Information Assurance and Information Security

Whereas Information Assurance is defined as a measure of confidence, many people not directly involved with IA confuse the concept with Information Security, which deals more with providing the means to protect the systems. The two do, however, work closely together, and some concepts would seem to overlap. Indeed, the CIA (Confidentiality, Integrity, and Availability) triad of Information Security very closely aligns with the five attributes of Information Assurance, which are availability, integrity, authentication, confidentiality, and non-repudiation. The following is an analysis of the five attributes of Information Assurance and how they relate to the Information Security concepts of the CIA triad:

Availability

The CIA triad component of availability establishes a goal to provide “timely and reliable access to and use of information” (Stallings and Brown, 2008). The Information Assurance attribute of availability, by contrast, provides a measure of confidence that the state exists where “information is in the place needed by the user, at the time the user needs it, and in the form needed by the user” (McKnight, 2002).

Integrity

The CIA triad component of integrity seeks to ensure that “information and programs are changed only in a specified and authorized manner” (Stallings and Brown, 2008) and that “a system performs its intended function in an unimpaired manner” (Stallings and Brown, 2008). The Information Assurance attribute of integrity, by contrast, provides a measure of confidence that the state of a system is in a “sound, unimpaired, or perfect condition” (McKnight, 2002).

Confidentiality

The CIA component of confidentiality preserves “authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information” (Stallings and Brown, 2008). The Information Assurance attribute of confidentiality, by contrast, provides a measure of confidence that sensitive data is held “in confidence, limited to an appropriate set of individuals or organizations” (McKnight, 2002).

Authentication

Authentication as an attribute of Information Assurance provides a measure of confidence that, according to McKnight (2002), users or processes that access information are who they say they are and have the appropriate rights to access that information. Authentication does not directly correlate to the CIA triad, but proper implementation of confidentiality would ensure that authentication guidelines are met.

Non-Repudiation

The Information Assurance attribute of non-repudiation seeks to remove the validity of such a claim by providing “a service that provides ‘proof of the integrity and origin of data, both in an unforgeable relationship, which can be verified by any third party at any time; or, an authentication that with high assurance can be asserted to be genuine, and that cannot subsequently be refuted’ [5]” (McKnight, 2002).

Conclusion

The provided definition of Information Assurance should remove the confusion that misrepresents this discipline as Information Security. The preceding analysis of the CIA triad compared to the attributes of Information Assurance, however, demonstrates the close relationship between these two disciplines. This relationship could be summarized by stating that Information Security is the discipline of defining and implementing the “tasks of guarding digital information, which is typically processed by a computer” (Ciampa, 2005), while the discipline of Information Assurance provides a degree of confidence that the implemented Information Security policies and features are effective.

References

Ciampa, M. (2005). Chapter 1: Information security fundamentals [Power Point Presentation]. Security+ Guide to Network Security Fundamentals (2nd ed.). Course Technology.

McKnight, W. L., Dr. (2002). What is information assurance? CrossTalk The Journal of Defense Software Engineering. Retrieved July 13, 2008 from http://www.stsc.hill.af.mil/crosstalk/2002/0/mcknight.html.

Stallings, W., and Brown, L. (2008). Chapter 1: Overview. Computer Security Principles and Practice. Upper Saddle River, NJ: Pearson Education Inc.

Michael Rauch is a graduate Information Technology student specializing in Information Security. Michael has developed an interest in Internet Security for the family and this interest is reflected in the site The CheyTech Group.
