Professional Documents
Culture Documents
INFORMATION ASSURANCE
AND INFROMATION SECURITY
What is IA?
Digital Forensic and Cyber Security Center (DFCSC) defines IA
as:
“…the practice of assuring information and managing risks
related to the use, processing, storage, and transmission of
information or data and the systems and processes used for
those purposes. Information assurance includes protection of
the integrity, availability, authenticity, non-repudiation and
confidentiality of user data.
Why Information Assurance is Needed?
Information Assurance is very much
needed in the business. Therefore, “ IA
increases the utility of information to
authorized users and reduces the utility
of information to those unauthorized.”
Information Assurance Process
1. Enumeration and classification of the information assets to be
protected.
2. Conduct of risk assessment for those information assets (to be done
by IA practitioners).
3. Enumerate possible threats capable of assets exploitation by
determining vulnerabilities in the information assets.
4. Consider the probability of a threat exploiting vulnerability in an asset
5. Determine the effect and impact of a threat-exploiting vulnerability in
an asset, with impact usually measured in terms of cost to the asset's
stakeholders.
6. Summarizing the products of the threats' impact and the probability of
their occurrence in the information asset.”
Five Information Assurance Pillar
Five Information Assurance Pillar