Information Assurance and Security: ITPC23 - SUMMER 2021-2022

INFORMATION ASSURANCE
AND SECURITY
ITPC23 | SUMMER 2021-2022

INFORMATION ASSURANCE AND SECURITY
Suppose you visit an e-commerce website such as your

bank, stock broker, etc.
Before you type in highly sensitive information, you’d like to have
some assurance that your information will be protected.
Do you (have such assurance)?

How can you know?
What security-relevant things do you want to happen,
or not happen when you use such a website?
You might want:

– Privacy of your data – Authorization
– Protection against – Confidentiality
phishing – Non-repudiation
– Integrity of your data – Availability
– Authentication – What else?
Which of these do you think fall under Information

Assurance?
System Quality
According to ISO/IEC Standard 9126-1
(Software Engineering—Product Quality),
the following are all aspects of system quality:
• Functionality • Efficiency
– adequacy • Maintainability
– interoperability • Portability
– correctness
– security
• Reliability Which of these do you think apply to IA?
• Usability
What is Information?
This class is about Information Assurance;

• so what is “information”?
• How does information differ from data?
What is Information?
This class is about Information Assurance;
• so what is “information”? How does information differ from data?
“Information is data endowed with relevance

and purpose. Converting data into information
thus requires knowledge. Knowledge by
definition is specialized.” (Blyth and Kovacich, p. 17)
And what characteristics should information possess to be useful?
It should be: accurate, timely, complete, verifiable, consistent, available.
What is Information Assurance?
• What about “assurance”?

• What does that mean?
• Assurance from what or to do what?
• Is it context-dependent?

What about “assurance”? What does that mean? Assurance from what or to do what? Is it context-dependent?
According to the U.S. Department of Defense, IA involves:

“Actions taken that protect and defend information
and information systems by ensuring their
availability, integrity, authentication, confidentiality,
and non-repudiation. These measures include
providing for restoration of information systems by
incorporating protection, detection, and reaction
capabilities.”
Information Assurance (IA) is the study of how to protect your information assets from
destruction, degradation, manipulation and exploitation. But also, how to recover
should any of those happen. Notice that it is both proactive and reactive.
According to the DoD definition, these are some aspects of

information needing protection or called the 5 pillars of
Information Assurance:
1. Integrity
2. Availability
3. Authentication
4. Confidentiality
5. Nonrepudiation
The five pillars of information assurance can be applied various ways, depending on the sensitivity of
your organization’s information or information systems. Currently, these five pillars are used at the heart
of the US Government’s ability to conduct safe and secure operations in a global environment.
1. Integrity
– Integrity involves assurance that all information systems are
protected and not tampered with. IA aims to maintain integrity
through anti-virus software on all computer systems and ensuring
all staff with access know how to appropriately use their systems
to minimize malware, or viruses entering information systems.
– IT Governance provides a variety of E-learning courses to improve
staff awareness on topics such as phishing and ransomware to
reduce the likelihood of systems being breached; and data being
exposed.
protection against unauthorized modification or destruction of information;

(protection of information systems and assets)
2. Availability
– Availability means those who need access to information, are
allowed to access it. Information should be available to only
those who are aware of the risks associated with information
systems.
timely, reliable access to data and information services for authorized users;
(dependable access to information systems by authorized users)
3. Authentication
– Authentication involves ensuring those who have access to
information are who they say they are. Ways of improving
authentication include methods such as two-factor
authentication, strong passwords, biometrics, and other
devices. Authentication may also be used to itentify not only
users, but also other devices.
security measures to establish the validity of a transmission, message, or originator.

(process of restricting access and confirming identity of users)
4. Confidentiality
– IA involves the confidentiality of information, meaning only
those with authorization may view certain data. This step is
closely mirrored by the six data processing principles of the
General Data Protection Regulation (GDPR), whereby personal
data must be processed in a secure manner "using appropriate
technical and oganizational measures" ("integrity and
confidentiality").
assurance that information is not disclosed to unauthorized persons;

(restriction of access to authorized users only)
5. Non-repudiation
– The final pillar means someone with access to your
organization’s information system cannot deny having
completed an action within the system, as there should be
methods in place to prove that they did make said action.
assurance that the sender is provided with proof of a data delivery and recipient is provided with
proof of the sender’s identity, so that neither can later deny having processed the data.
(forensic tracking to create a reliable “paper trail” of all actions)
According to the DoD definition, these are some aspects of

information needing protection or called the 5 pillars of
Information Assurance:
1. Integrity
2. Availability
3. Authentication
4. Confidentiality
5. Nonrepudiation
Is this specifically a military view? Which of these are the most important?
How would you decide?
Information Assurance (IA)
is the practice of managing information-related risks and the

steps involved to protect information systems such as
computer and network systems.
The US Government's definition of information assurance is:

“measures that protect and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality, and non-repudiation. These measures
include providing for restoration of information systems by incorporating protection, detection,
and reaction capabilities.”

Information Assurance and Security: ITPC23 - SUMMER 2021-2022

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information Assurance and Security: ITPC23 - SUMMER 2021-2022

Uploaded by

Copyright:

Available Formats

INFORMATION ASSURANCE

ITPC23 | SUMMER 2021-2022

Suppose you visit an e-commerce website such as your

Do you (have such assurance)?

You might want:

Which of these do you think fall under Information

This class is about Information Assurance;

“Information is data endowed with relevance

What is Information Assurance?

• What about “assurance”?

What is Information Assurance?

According to the U.S. Department of Defense, IA involves:

What is Information Assurance?

According to the DoD definition, these are some aspects of

What is Information Assurance?

protection against unauthorized modification or destruction of information;

What is Information Assurance?

What is Information Assurance?

security measures to establish the validity of a transmission, message, or originator.

What is Information Assurance?

assurance that information is not disclosed to unauthorized persons;

What is Information Assurance?

What is Information Assurance?

According to the DoD definition, these are some aspects of

What is Information Assurance?

Information Assurance (IA)

is the practice of managing information-related risks and the

The US Government's definition of information assurance is:

You might also like