Student: Thai Thi Mai Trinh _ 0980925
Overview of the information assurance process
Information assurance (IA) is the practice of managing risks related to the use, processing,
storage, and transmission of information or data and the systems and processes used for
those purposes. While focused predominantly on information in digital form, the full range of IA
encompasses not only digital but also analog or physical forms. Information assurance as a
field has grown from the practice of information security, which in turn grew out of the practices
and procedures of computer security.
The IA process has three core principles and two additional principles, which together form the
5 Pillars of IA. The three core principles are Confidentiality, Integrity and Availability, and the
two additional principles are Authentication and Non-repudiation.
Confidentiality: Assurance that information is not disclosed to unauthorized individuals,
processes, or devices. Confidential information must only be accessed, used, copied, or
disclosed by users who have been authorized, and only when there is a genuine need. A
confidentiality breach occurs when information or information systems have been, or may
have been, accessed, used, copied, or disclosed by someone who was not authorized to
have access to the information.
Integrity: Quality of an information system (IS) reflecting the logical correctness and reliability of the operating
system; the logical completeness of the hardware and software implementing the protection
mechanisms; and the consistency of the data structures and occurrence of the stored data.
Note that, in a formal security mode, integrity is interpreted more narrowly to mean
protection against unauthorized modification or destruction of information.
Availability: Timely, reliable access to data and information services for authorized users.
Availability means that the information, the computing systems used to process the
information, and the security controls used to protect the information are all available and
functioning correctly when the information is needed. The opposite of availability is the lack
thereof; one example is a common attack known as a denial of service (DoS) attack.