Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data.
Besides defending against malicious hackers and code (e.g., viruses), IA practitioners consider corporate governance issues such as privacy, regulatory and standards compliance, auditing, business continuity, and disaster recovery as they relate to information systems.
These feedback loop practices were employed while developing WWMCCS military decision support systems.
[3] The last main development of information assurance is the implementation of distributed systems for the processing and storage of data through techniques like SANs and NAS, as well as the use of cloud computing.
[6][7] Information assurance is a collaborative effort of all sectors of life to allow a free and equal exchange of ideas.
Information assurance is built on five pillars: availability, integrity, authentication, confidentiality and nonrepudiation.
As an administrator, it is important to emphasize the pillars that you want in order to achieve the desired result for your information system, balancing the aspects of service and privacy.
[13] A failure of authentication could pose a risk to information integrity as it would allow an unauthorized party to alter content.
Availability of information can be bolstered by the use of backup power, spare data channels, off-site capabilities and continuous signal.
This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response to threats.
A framework published by a standards organization, such as NIST RMF, Risk IT, CobiT, PCI DSS or ISO/IEC 27002, may guide development.
Countermeasures may include technical tools such as firewalls and anti-virus software, policies and procedures requiring such controls as regular backups and configuration hardening, employee training in security awareness, or organizing personnel into a dedicated computer emergency response team (CERT) or computer security incident response team (CSIRT).
[1] Additionally, business risk management is also carried out to comply with federal and international laws regarding the release and security of information, such as HIPAA.
[21] There are a number of international and national bodies that issue standards on information assurance practices, policies, and procedures.