Archive for November 1st, 2007
Information Assurance vs. Information Security
Information assurance (IA) and information security (IS) are often incorrectly used interchangeably, but the two terms are not synonymous. The official definition of IA, as recognized by the U.S. government, is “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” This definition can be simplified to “the complete preservation of information confidentiality, integrity and availability in all of the information’s various states, otherwise known as the C.I.A. Model.”
Information security is a large subset of IA that deals primarily with the more glorious tools and tactics for protecting information from threats such as con artists (phishing), hackers (exploits) and malicious code (viruses). IA covers a much broader spectrum of information management and protection, such as certification and accreditation (C&A), business continuity planning (BCP), compliance, and disaster recovery planning (DRP).
November 1, 2007