As technology is becoming more advanced, people are becoming more unaware of security issues that comes with it. We have decided to cover information assurance to ensure people become more aware of the issues that comes with technology.
IA, or so called information assurance refers to steps and techniques involved in protecting information systems. Information systems include computer systems, networks, and so forth. Because in the technology world, threats like viruses, worms, phishing attacks, social engineering, and identity theft exist, protecting information systems have become valuable, thus creating demand for IA specialist.
Information assurance is concerned with integrity, availability, authentication, confidentiality, and nonrepudiation. These five concepts is basically what ensures the success of information assurance. If you don’t maintain the qualities of these five concepts, it will affect your information systems.
Let’s start off with integrity. Integrity is making sure the information system remains unscathed. Basically you want to make sure the information systems hasn’t been touched by anyone, who could’ve have altered it and so forth. IA takes multiple steps to maintain integrity, such as hashing. Especially in times of investigation, the data must be locked down to ensure it can’t be altered to use it in court. Control not only concerns human prevention but non-human events as well, such as ensuring the parts work correctly.
Availability is making sure the information is available to those with the rights to use it have access to it. For example, when the portion of information system has data loss or interruptions, one must make sure there’s backup plan to ensure availability. Availability is ensured by maintaining all the hardware and software properly. The environment also must be free of issues, because there can be fire hazards, water leak, and so forth. Some companies have disaster recovery plan and also have another server at a different geographical location to ensure availability. Safeguards against possible data loss and interruptions must be calculated to see if it’s cost effective against how much the information systems actually costs.
Authentication involves ensuring that users are who they say they are. This can be done in multiple ways, such as, single factor authentication, two factor authentication, multifactor authentication, single sign on, remote access authentication, and much more. What these do is either ask for your password, pin number, biometrics, and so forth. Authentication also works in other ways, such as identifying the device that’s being used and the message itself.
Confidentiality means that the information is kept hidden from people who shouldn’t have access to it. It’s basically a privacy concern. If Pepsi Company got a hold of a coke’s secret recipe, they could use that information to generate more revenue, causing loss for the coke company. Because information can be used in a negative way, it’s best to keep it confidential, so only people with certain clearance level have access to the information. Since there are people out to get your information, one needs to be wary of social engineering methods, so the information can be safe guarded. Best way to do this is to authenticate as stated previously. Making sure the users are who they say they are by biometric verification, security tokens, and more.
Lastly, nonrepudiation means that someone can’t deny an action because there will be proof that they did it. It’s a guarantee that the sender of message and receiver of the message cannot later deny having sent the message or received the message. Nonrepudiation can be obtained through the use of digital signatures, confirmation services, and timestamps. Nonrepudiation is basically an artifact that may be used against a person who denies certain communication or action.