Information assurance

Definitions

Information assurance (IA) refers to:

information operations that protect and defend information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.[1]
[m]easures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.[2]
the protection of systems and information in storage, processing, or transit from unauthorized access or modification; denial of service to unauthorized users; or the provision of service to authorized users. It also includes those measures necessary to detect, document, and counter such threats, as well as measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.[3]

Overview

The five information assurance (IA) pillars are availability, integrity, authentication, confidentiality, and non-repudiation. These pillars and any measures taken to protect and defend information and information systems, to include providing for the restoration of information systems, constitute the essential underpinnings for ensuring trust and integrity in information systems.

The cryptologic components of information assurance primarily address the last four pillars of integrity, authentication, confidentiality, and non-repudiation. These pillars are applied in accordance with the mission needs of particular organizations.

U.S. military

The [information assurance] mission has evolved through three very distinct stages: Communications Security (COMSEC), Information Systems Security (INFOSEC) and Information Assurance (IA). Post WWI and the Korean War, COMSEC efforts focused primarily on cryptography (i.e., designing and building encryption devices to provide confidentiality for information). The introduction and widespread use of computers created new demands to protect information exchanges between interconnected computer systems. This demand created the Computer Security (COMPUSEC) discipline. With the introduction of COMPUSEC came the recognition that stand-alone COMSEC and stand-alone COMPUSEC could not protect information during storage, processing or transfer between systems. This recognition gave rise to the term INFOSEC and the information protection mission took on a broader perspective. IA emerged and focused on the need to protect information during transit, processing, or storage within complex and/or widely dispersed computers and communication system networks. IA includes a dynamic dimension where the network architecture is itself a changing environment, including the information protection mechanisms that detect attacks and enable a response to those attacks.

References

  1. DoD Directive 3600.01.
  2. NIST Special Publication 800-59; CNSSI 4009.
  3. Army Networks: Size and Scope of Modernization Investment Merit Increased Oversight, at 13.
