Information assurance
U.S. Department of Defense Information Assurance emblem

Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect the confidentiality, integrity, and availability of data and their delivery systems. These goals are relevant whether the data are in storage, processing, or transit, and whether threatened by malice or accident. In other words, IA is the process of ensuring that the right people get the right information at the right time.


Overview

Information assurance is closely related to information security and the terms are sometimes used interchangeably. However, IA’s broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics. In addition to defending against malicious hackers and code (e.g., viruses), IA includes other corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery. Further, while information security draws primarily from computer science, IA is interdisciplinary and draws from multiple fields, including fraud examination, forensic science, military science, management science, systems engineering, security engineering, and criminology, in addition to computer science. Therefore, IA is best thought of as a superset of information security. Information assurance is not just Computer Security because it includes security issues that do not involve computers.


The U.S. Government's National Information Assurance Glossary defines IA as:

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

Information assurance process

The IA process typically begins with the enumeration and classification of the information assets to be protected. Next, the IA practitioner will perform a risk assessment. This assessment considers both the probability and impact of the undesired events. The probability component may be subdivided into threats and vulnerabilities. The impact component is usually measured in terms of cost. The product of these values is the total risk.


Based on the risk assessment, the IA practitioner will develop a risk management plan. This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response. A framework, such as ISO 17799 or ISO/IEC 27002, may be utilized in designing this plan. Countermeasures may include tools such as firewalls and anti-virus software, policies and procedures such as regular backups and configuration hardening, training such as security awareness education, or restructuring such as forming a computer security incident response team (CSIRT) or computer emergency response team (CERT). The cost and benefit of each countermeasure are carefully considered. Thus, the IA practitioner does not seek to eliminate all risks, were that possible, but to manage them in the most cost-effective way.


After the risk management plan is implemented, it is tested and evaluated, perhaps by means of formal audits. The IA process is cyclical; the risk assessment and risk management plan are continuously revised and improved based on data gleaned from evaluation.
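
The assessment and planning steps above can be worked through as a small risk register. This is an added example, not part of the original article: the class and function names, the rule that probability is threat times vulnerability, and all figures are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Risk:
    asset: str
    event: str
    threat: float         # chance the threat acts in the period (0..1)
    vulnerability: float  # chance the attempt succeeds (0..1)
    impact: float         # cost if the event happens

    @property
    def exposure(self) -> float:
        # Assumption: probability = threat * vulnerability; risk = probability * impact.
        return self.threat * self.vulnerability * self.impact

@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: float                        # cost for the same period
    vulnerability_factor: float = 1.0  # 0.0 eliminates, <1 mitigates
    impact_factor: float = 1.0         # <1 transfers part of the loss (e.g. insurance)

def residual(risk: Risk, cm: Countermeasure) -> float:
    """Risk that remains after the countermeasure is applied."""
    treated = replace(risk,
                      vulnerability=risk.vulnerability * cm.vulnerability_factor,
                      impact=risk.impact * cm.impact_factor)
    return treated.exposure

def decide(risk: Risk, options: list[Countermeasure]) -> tuple[str, float]:
    """Pick the option with the highest net benefit; accept if none pays for itself."""
    best_name, best_net = "accept", 0.0
    for cm in options:
        net = risk.exposure - residual(risk, cm) - cm.cost
        if net > best_net:
            best_name, best_net = cm.name, net
    return best_name, best_net

def build_plan(register):
    """Return (asset, exposure, decision, net_benefit) rows, highest exposure first."""
    rows = [(r.asset, r.exposure, *decide(r, opts)) for r, opts in register]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample register: figures are illustrative, not from the article.
REGISTER = [
    (Risk("office printer", "firmware tampering", 0.1, 0.5, 2_000),
     [Countermeasure("network segmentation", 1_500, vulnerability_factor=0.2)]),
    (Risk("customer database", "data breach", 0.5, 0.4, 200_000),
     [Countermeasure("web application firewall", 8_000, vulnerability_factor=0.25),
      Countermeasure("cyber insurance", 12_000, impact_factor=0.5)]),
]
```

Calling `build_plan(REGISTER)` ranks the database risk first and selects the firewall over insurance, while the printer risk is accepted because its only countermeasure costs more than the risk it removes.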



External links

Documentation

  • DoD Instruction 8500.2 Information Assurance (IA) Implementation
  • DoD Instruction 8510.01 DoD Information Assurance Certification and Accreditation Process (DIACAP)


EMSEC

  • AFI 33-203 Vol 1, Emission Security (Soon to be AFSSI 7700)
  • AFI 33-203 Vol 3, EMSEC Countermeasures Reviews (Soon to be AFSSI 7702)
  • AFI 33-210 Vol 8, Protected Distributed Systems (Soon to be AFSSI 7703)

COMPUSEC

  • AFMAN 33-223, Identification and Authentication (Soon to be AFSSI 8520)
  • AFI 33-202, Vol 6, Identity Management (Soon to be AFSSI 8520)
  • (Biometrics) (Soon to be AFSSI 8521)
  • AFI 33-202, Vol 1, Chapter 5, Access to Information Systems (Soon to be AFSSI 8522)
  • AFI 33-202, Vol 1, Para 3.11, Cross-Domain Solutions (CDS) (Soon to be AFSSI 8540)
  • AFI 33-202, Vol 1, Para 4.2, Network Security (Soon to be AFSSI 8550)
  • AFI 33-137, Ports, Protocols, and Services (PPS) Management (Soon to be AFSSI 8551)
  • AFI 33-230, Information Assurance Assessment and Assistance Program (Soon to be AFSSI 8560)
  • AFI 33-219, Section C, Notice and Consent Procedures (Soon to be AFSSI 8561)
  • AFSSI 5020, Remanence Security (Soon to be AFSSI 8580)


Education and certifications

The Master of Science in Information Assurance (MSIA) is a multidisciplinary degree program offered by many leading institutions which combines theory with applied learning in order to enable security practitioners in the field of information security.


There is a current and future need for information assurance professionals to support the security needs of the world's information infrastructure. Information Assurance has become a critical issue for businesses in the current era as they wrestle with the problems of external and internal network attack, cyberterrorism, access control systems and regulatory compliance requirements.


The MSIA degree is a multidisciplinary degree that creates professionals able to navigate and manage the many challenges presented by the demands of modern security and information science.

