Wednesday, February 17, 2010

Information assurance (IA)


Information assurance (IA) is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. While focused predominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical forms. Information assurance as a field has grown from the practice of information security, which in turn grew out of the practices and procedures of computer security.

There are three models used in the practice of IA to define assurance requirements and assist in covering all necessary aspects or attributes.

The first is the classic information security model, also called the CIA Triad, which addresses three attributes of information and information systems: confidentiality, integrity, and availability. This C-I-A model is extremely useful for teaching introductory and basic concepts of information security and assurance; the initials are an easy mnemonic to remember and, when properly understood, can prompt systems designers and users to address the most pressing aspects of assurance.

The next most widely known model is the Five Pillars of IA model, promulgated by the U.S. Department of Defense (DoD) in a variety of publications, beginning with the National Information Assurance Glossary, Committee on National Security Systems Instruction CNSSI-4009. Here is the definition from that publication: "Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities." The Five Pillars model is sometimes criticized because authentication and non-repudiation are not attributes of information or systems; rather, they are procedures or methods useful to assure the integrity and authenticity of information, and to protect the confidentiality of the same.

The third IA model, less widely known but considered by many IA practitioners and professionals to be the most complete and accurate of the three, is the Parkerian Hexad, first introduced by Donn B. Parker in 1998. Like the Five Pillars, Parker's hexad begins with the C-I-A model but builds on it by adding three more attributes: authenticity, utility, and possession (or control). It is worth pointing out that the attribute of authenticity, as described by Parker, is not identical to the pillar of authentication as described by the U.S. DoD.

Pic: U.S. Department of Defense Information Assurance emblem

From:

Wikipedia's
