Information Assurance and Security: Overview
DEFINITION
Information assurance and security is the management and protection
of knowledge, information, and data.
It combines two fields:
Information assurance, which focuses on ensuring the availability,
integrity, authentication, confidentiality, and non-repudiation of
information and systems. These measures may include providing for
restoration of information systems by incorporating protection,
detection, and reaction capabilities.
Information security, which centers on the protection of information
and information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction in order to provide
confidentiality, integrity, and availability.
Information Assurance
“Measures that protect and defend information and information systems by
ensuring their availability, integrity, authentication, confidentiality,
and non-repudiation. These measures include providing for restoration of
information systems by incorporating protection, detection, and reaction
capabilities.”
Confidentiality
Integrity
Availability
Authentication
Non-repudiation
People
Policy and Practice
Technology
People
The heart and soul of secure systems.
Awareness, literacy, training, education in sound practice.
Must follow policy and practice or the systems will be compromised no matter how good the design!
Both strength and vulnerability.
Policy and Practice (operations)
System users
System administrators
Software conventions
Trust validation