The IT Law Wiki

Definitions

Information assurance (IA) refers to:

information operations that protect and defend information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.[1]
[m]easures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.[2]
the protection of systems and information in storage, processing, or transit from unauthorized access or modification; denial of service to unauthorized users; or the provision of service to authorized users. It also includes those measures necessary to detect, document, and counter such threats, as well as measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.[3]

Overview

The five information assurance (IA) pillars are availability, integrity, authentication, confidentiality, and non-repudiation. These pillars, together with any measures taken to protect and defend information and information systems (including providing for the restoration of information systems), constitute the essential underpinnings for ensuring trust and integrity in information systems.

The cryptologic components of information assurance primarily address the last four pillars of integrity, authentication, confidentiality, and non-repudiation. These pillars are applied in accordance with the mission needs of particular organizations.

U.S. military

The [information assurance] mission has evolved through three very distinct stages: Communications Security (COMSEC), Information Systems Security (INFOSEC) and Information Assurance (IA). Post WWI and the Korean War, COMSEC efforts focused primarily on cryptography (i.e., designing and building encryption devices to provide confidentiality for information). The introduction and widespread use of computers created new demands to protect information exchanges between interconnected computer systems. This demand created the Computer Security (COMPUSEC) discipline. With the introduction of COMPUSEC came the recognition that stand-alone COMSEC and stand-alone COMPUSEC could not protect information during storage, processing or transfer between systems. This recognition gave rise to the term INFOSEC and the information protection mission took on a broader perspective. IA emerged and focused on the need to protect information during transit, processing, or storage within complex and/or widely dispersed computers and communication system networks. IA includes a dynamic dimension where the network architecture is itself a changing environment, including the information protection mechanisms that detect attacks and enable a response to those attacks.
