Information Assurance vs. Information Security

November 1, 2007

Information assurance (IA) and information security (IS) are often incorrectly used interchangeably, but the two terms are not synonymous. The official definition of IA, as recognized by the U.S. government, is “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” This definition can be simplified to “the complete preservation of information confidentiality, integrity and availability in all of the information’s various states, otherwise known as the C.I.A. Model.”

Information security is a large subset of IA that deals primarily with the more glorious tools and tactics for protecting information from threats such as con artists (phishing), hackers (exploits) and malicious code (viruses). IA covers a much broader spectrum of information management and protection, such as certification and accreditation (C&A), business continuity planning (BCP), compliance and disaster recovery planning (DRP).

Entry filed under: Security Policy, Training.
