What is Information Assurance?
Information Assurance refers to the practice of ensuring the confidentiality, integrity, availability, and non-repudiation of important information and information systems. It's a long-term strategy that prioritizes policy implementation over infrastructure development.
Information Assurance Model in Cyber Security
The information assurance security model is a multi-dimensional model which is based on four dimensions:
1.
Information States
Information
states are defined as the interpretation of data, which exists in three states:
stored, processed, and transmitted.
● Storage: It specifies the amount of time that data is
saved on a device such as a hard drive.
● Processing: It specifies the amount of time when data is
being processed.
● Transmission: It specifies the period when data is transferred between two parties.
2.
Security Services
Security
services are the assurance model's fundamental component that delivers system
security and includes the following services:
Confidentiality, Integrity, Availability, Authentication, and
Non-repudiation.
● Confidentiality: Confidentiality ensures that unauthorized parties do not access system information, and only those who are permitted can read and interpret it. Confidentiality protection prevents malicious access and unintended information leakage.
● Integrity: It ensures that personal information is reliable and accurate and that it can't be formed, altered, or deleted without authorization.
● Availability: It ensures that only authorized users have consistent and reliable access to sensitive data. It entails taking steps to maintain data access in the face of system problems and other sources of intervention.
● Authentication: It is a protective measure that establishes the authenticity of message transmission by verifying an individual's identity in order to collect a specific type of information.
● Non-repudiation: It is a method of ensuring that neither the sender nor the receiver can deny their participation in data transmission. When a communicator sends data to a recipient, the recipient receives a delivery verification. When a recipient receives a message, it contains all of the information about the sender.
3.
Security Countermeasures
This
dimension includes features and functionality that protect the system from
immediate vulnerability by considering technology, policy, practice, and
people.
● Technology: To protect the system from vulnerabilities and threats, appropriate firewalls, routers, and intrusion detection must be used.
● Policy and Practice: Every firm has policies that establish norms that everyone who works there must follow. If a system is breached, these policies must be followed to handle sensitive data.
● People: The human being is at the center of the information system. Users and administrators of information systems must adhere to policies and procedures to create effective systems. They must be trained about the information system regularly and be prepared to act effectively to protect it.
4.
Time
This component can be interpreted in a variety of ways. Data may be available offline or online at any time, and information and systems may be in turmoil, posing a risk of unauthorized access. As a result, to limit the risk of security breaches, every component of the Information Assurance model must be thoroughly specified and executed at every level of the System Development Cycle.
Cyber Security with InfosecTrain
InfosecTrain is well-known training company that offers
information security training courses. Join us for a great experience with our
industry experts to gain a solid understanding of cybersecurity
concepts.