Information Assurance
IA PROCESS
Information Assurance (IA) is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation, and also of how to recover should any of those happen.

How about information security?
“the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.”

Four Security Engineering Domains
1. Physical security
• refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.
2. Personnel security
• a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.
Security Breach
4. Operational security
• involves the implementation of standard
operational security procedures that define the
nature and frequency of the interaction between
users, systems, and system resources, the
purpose of which is to:
✓ achieve and sustain a known secure system
state at all times
✓ prevent accidental or intentional theft,
release, destruction, alteration, misuse, or
sabotage of system resources.
Information Assurance
1. Business enabler
2. Cost effective and cost beneficial
3. Protects the fabric of an organization’s systems
4. Shared responsibilities
5. Restricted by social obligations
6.

Three key attributes of information systems:
1. Processing capacity – speed
2. Convenience – user friendliness
3. Secure – reliable operations

• Assets
• refers to any piece of information, device, or other related part that supports business activities.

3 views of Security
• Worms
• Trojan Horses
2 types of Access Control
Physical
- Physical access control limits access to campuses, buildings, rooms and physical IT assets.
Logical
- Logical access control limits connections to computer networks, system files and data.

when appropriate. For example, cards such as ID cards or ATM cards with magnetic strips containing the digital (and sometimes encrypted) user PIN, which is compared to the number the user inputs. The smart card incorporates a computer chip capable of checking and validating a variety of pieces of information rather than just a PIN. Another popular tool is the token, a card or key fob with a computer chip and a liquid crystal display displaying a computer-generated number used to enable authentication of remote logins. Tokens are synchronous or asynchronous.
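
The two token types named above, as an added example that is not part of the original notes: a synchronous token derives its number from a clock it shares with the server, while an asynchronous token computes it from a challenge the server issues for each login. The HMAC construction (in the style of RFC 4226 and RFC 6238), the function names and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

def _truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: take 31 bits of the MAC, keep the low decimal digits."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def synchronous_code(key: bytes, now: int, step: int = 30) -> str:
    """Synchronous token: token and server both derive the number from the shared clock."""
    counter = struct.pack(">Q", now // step)
    return _truncate(hmac.new(key, counter, hashlib.sha1).digest())

def verify_synchronous(key: bytes, submitted: str, now: int,
                       step: int = 30, drift: int = 1) -> bool:
    """Server side: accept the current time step plus or minus `drift` steps of clock skew."""
    return any(
        hmac.compare_digest(synchronous_code(key, now + d * step, step), submitted)
        for d in range(-drift, drift + 1)
    )

def new_challenge() -> bytes:
    """Asynchronous token, server side: a fresh random challenge for every login."""
    return secrets.token_bytes(16)

def asynchronous_response(key: bytes, challenge: bytes) -> str:
    """Asynchronous token: the number answers the server's challenge; no clock is involved."""
    return _truncate(hmac.new(key, challenge, hashlib.sha256).digest())

def verify_asynchronous(key: bytes, challenge: bytes, submitted: str) -> bool:
    """Server side: recompute the response for the challenge it issued and compare."""
    return hmac.compare_digest(asynchronous_response(key, challenge), submitted)

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed demo key (the RFC 6238 test secret)
    print("synchronous  :", synchronous_code(key, 59))
    challenge = new_challenge()
    print("asynchronous :", asynchronous_response(key, challenge))
```

The drift window in `verify_synchronous` is what keeps a slightly fast or slow token clock from locking the user out; widening it also lengthens the time a captured number stays valid.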