What is Information Assurance (IA)?
Information Assurance (IA)is the practice of managing information-related risks and the steps involved to protect information systems such as computer and network systems.
The US Government's definition of information assurance is:
“measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”
The 5 pillars of Information Assurance
Information Assurance (IA) is essentially protecting information systems, and isoften associated with the following five pillars:
- Integrity
- Availability
- Authentication
- Confidentiality
- Nonrepudiation
The five pillars of information assurance can be applied various ways, depending on the sensitivity of your organization’s information or information systems. Currently, these five pillars are used at the heart of the US Government’s ability to conduct safe and secure operations in a global environment.
Free PDF download: NIST CSF and ISO 27001 – Becoming cyber secure
The NIST Cybersecurity Framework is a framework that organizations can use to manage and reduce their cybersecurity risks. ISO 27001 sets out the requirements for a best-practice ISMS (information security management system).
Both frameworks are closely aligned, making ISO 27001 an excellent way to comply with the NIST CSF. Learn how they can benefit your organization in our free paper.
1. Integrity
Integrity involves assurance that all information systems are protected and not tampered with. IA aims tomaintain integrity throughanti-virus software onall computer systemsand ensuring all staff with access know how to appropriately use their systems to minimize malware, or viruses entering information systems.
IT Governance provides a varietyofE-learning coursesto improve staff awareness on topics such as phishing and ransomware to reduce the likelihood of systems being breached;and data being exposed.
2. Availability
Availability means those who need access to information, are allowed to access it. Information should be available to only those who are aware of the risks associated with information systems.
3. Authentication
Authentication involves ensuring those who have access to informationare who they say they are. Ways of improving authentication include methods such as two-factor authentication, strong passwords, biometrics, and other devices. Authentication may also be used to itentify not only users, but also other devices.
4. Confidentiality
IA involves the confidentiality of information, meaning only those with authorization may view certain data. This step is closely mirroredby the six data processing principles of the General Data Protection Regulation (GDPR), whereby personaldata must be processed in a secure manner"using appropriate technical and oganizational measures" ("integrity and confidentiality").
5. Nonrepudiation
The final pillar means someone with access to your organization’s information system cannot deny having completed an action within the system, as there should be methodsin place to prove that they did make said action.