Overview of Information Assurance
Essentially, Information Assurance is a means of defending and protecting information systems by maintaining the qualities of Integrity, Availability, Confidentiality, Authentication, and Non-Repudiation. Society has become more reliant on networked systems to store, transmit, and process information. This transformation from an industrial age to a knowledge-driven generation has put information at the fingertips of any individual with access to the Internet. The virtualization of all that is known (a.k.a. the digital age) comes with a downside: if information is so easily accessed and interconnectivity across the internal networks of large organizations has been established, it puts information maintained on
The way Information Assurance works is by analyzing the information contained on network systems, then assigning that information to corresponding threat-level classifications. These classifications are based on the following factors: "what potential value does the information hold to an organization?" and "would the subsequent release of said information cause damage to an organization, and how much?" Once these evaluations have been done, an organization can move on to the next step: addressing vulnerabilities in the network systems that contain critical information. As the vulnerability assessment takes place, the weaknesses that are discovered should be discussed amongst security administrators. The overall outcome of this is to patch security flaws in the system to better protect assets. At the same time, administrators analyze the potential cause and effect of a breach in security. In a perfect world all vulnerabilities would be addressed and fixed, but with the ever-evolving technology of the 21st century and the intellect of those individuals who look to abuse their knowledge to gain unauthorized access to systems, the reality is that vulnerabilities (i.e. loopholes, exploits, etc.) will always exist; it is just a matter of who finds them. The most important part of the Information Assurance process is this: eliminate all known vulnerabilities while conducting analysis to reduce
In order to ensure that all information manipulated through an IT system is safe and reliable, we use some type of information guarantee. Information Assurance manages the risks that can be posed during the transfer and storage of data. It protects the legitimacy and privacy of all data within the IT system. It seems as though information assurance walks the fine line between security and constancy, trying to find a balance of both.
The use of information technology in business is considered a path to success. Also, with the
At this time, the measures available to ensure information security include organizational controls such as limiting access to data, firewalls, antivirus systems, encryption, and application controls. When the security of the business fails and the private information of individuals is compromised, the company faces many legal actions that can
Information assurance seeks to secure this information from unauthorized access or use. With our ever-advancing technological environment, businesses are struggling to protect themselves and the information that customers have entrusted to them, with occasional missteps serving as reminders that one can never be too careful.
After the information system is installed, the IS security controls must be monitored and assessed on a continuous basis. Continuous monitoring ensures the security controls in place are effective. In this step, there are five tasks. The first task requires managers to determine the security impact based on the threat environment. The second task is conducting assessments on certain security controls as outlined in their Continuous Monitoring Strategy. The third task is correcting discrepancies found in the assessment. The fourth task requires updating the Security Authorization package based on the previous results. The fifth task requires the appropriate officials to make a risk determination and acceptance by reviewing the reported security
Before I plan for security, I will ensure that the suitable officials are assigned to security responsibilities, continue reviewing the security system controls in their information systems, and authorize the system processing before the operations. These management responsibilities are believed to have responsible agency officials that understand the risks and other factors that could affect the mission. Additionally, these officials must also understand the current status position of their security program and the security controls that protect their information and the information systems, and make investments that mitigate the risk to an acceptable level. The objective is to conduct day-to-day operations and to accomplish missions with adequate security, including the increase of harm resulting from unauthorized access, modification, disruption, usage, or disclosure of information. As the key element of the FISMA Implementation Project, NIST developed a Risk Management Framework which will bring together all of the FISMA-related guidance and security standards to promote developmental comprehension and balance information security programs across different agencies.
All compromises or potential compromises must be immediately reported to the Information Technology department. Network administrators are responsible for acting as local information systems security coordinators. These individuals are responsible for establishing appropriate access privileges, monitoring access control logs, and performing similar security actions for the systems they administer. They also are responsible for reporting all suspicious computer and network-security-related activities to the Manager of IT Networks and Support. Network administrators also implement the requirements of this and other information systems security policies, standards, guidelines, and
As an information security professional, my goal is to ease fears of the unknown and provide assurance that confidentiality, integrity, and availability lessen risks that counter continuity. With insight and confidence I will serve as a guide for the speediest acceptable recovery from disasters when they occur. This is my purpose for pursuing the Master of Science in Information Assurance at Davenport University. As is evident with the College of Technology Faculty, my mission is one of achieving expertise and continually questing for knowledge in the complex and evolving world that is informatics security.
Defense-in-depth is a commonly cited best-practice strategy for achieving Information Assurance. It is an approach to security that layers controls, thus increasing security for the system as a whole (United States National Security Agency, n.d.). Security controls derive from three primary categories: Administrative, Technical/Logical, and Physical/Environmental (Harris & Kumar, 2013, p. 28). To help mature and improve information security as a process and business enabler, it is critical that organizations improve their understanding of, and the case for, administrative controls. The information security market is flooded with technical solutions that fit into the technical/logical control category. As more businesses move to the Cloud, physical and environmental controls are relegated to third parties. To achieve true Defense-in-Depth, businesses must further develop their administrative controls and efforts. This enables the business to understand the value of security, and enables security to align with business strategy (Cano M., Ph.D, CFE, 2014, p. 51-55). This paper will examine the importance of administrative information security controls and the role they play in Defense-in-Depth strategies by discussing the maturity of security programs, the discovery of security program foundations, frameworks, and processes, enterprise security architecture, and the governance of information security strategies.
In order to effectively implement security governance, the Corporate Governance Task Force (CGTF) recommends that organizations follow an established framework, such as the IDEAL framework from the Carnegie Mellon University Software Engineering Institute. This framework, which is described in the document “Information Security Governance: Call to Action,” defines the responsibilities of (1) the board of directors or trustees, (2) the senior organizational executive (i.e., CEO), (3) executive team members, (4) senior managers, and (5) all employees and users. This important document can be found at the Information Systems Audit and Control Association (ISACA) Web site at www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997.
Technology has grown tremendously over the past few decades. Every day, businesses, governments, and ordinary people rely on technology for everything from banking to communicating with loved ones and business associates. Disrupting this technology can cause major losses, both monetary and in the sense of information. According to Information Security Curriculum Creation: A Case Study, "A survey of undergraduate degree programs in Computer Science, Information Technology, Management Information Science, and others show a lack of emphasis on security issues in their curriculum." There is a strong need to secure and protect information for many reasons, and as such it is important that an undergraduate curriculum provides a comprehensive approach to teaching information security concepts to its students.
The ISM guides departments in how to ensure their information is secure. The ISM states that "Information is a continual process, one that extends beyond ensuring that a system is secure at the time of deployment (Department of Defence- Intelligence and Security, 2015)." It includes managing, detecting and reporting cyber security threats, as well as information on other types of security relevant to the organisation. In relation to physical security it states best practice; this includes "limiting access to facilities, servers, network devices, ICT equipment and media to authorised personnel only by applying appropriate physical security controls (Department of Defence- Intelligence and Security, 2015)."
Information assurance is a measure that safeguards and defends information and information systems through ensuring availability, authentication, integrity, non-repudiation, and confidentiality. In addition, the measures comprise providing for information system restoration through incorporating detection, protection,
There are some procedures that an organization should follow to protect and maintain the security and integrity of its information systems; these cover infrastructure and software design, information processing, storage, transmission, retrieval and disposal.
This task necessitated discussing elements 0 to 3, involving deliberations and knowledge sharing on the four elements 'Introduction', 'Responsibility', 'Strategy' and 'Acquisition'. Previously, I had a hazy understanding of the difference between governance and management, wherein I often used these terms interchangeably.