Attached.

Running Head: CONCEPTS OF INFORMATION ASSURANCE

Concepts of Information Assurance
Name
Tutor
Course
Date

1

CONCEPTS OF INFORMATION ASSURANCE

2

Information assurance can be considered to be a broad and interdisciplinary field.
The practice assures on confidentiality of information. It also enables practitioners to have an
idea of how they can manage the risks involved through the use of the information. Through
information assurance confidentiality, integrity, availability, non-repudiation, and authenticity of
user information is protected. Maintaining all the assurance concepts involves controls that make
information system efficient towards accomplishment of its purpose. Through Information
Assurance (IA) right information should be delivered to the right individuals at the right time.
The assurance ensures that information is well protected through keeping operations in the
information technology within the acceptable mission integrity boundaries (Blyth & Kovacich,
2001). An information system should provide some freedom to its users but at the same time it
should balance with the right amount of security on the information. Major risks are facing many
organizations when it comes to data protection and security and this has given the organizations
huge tasks putting measures that would meet a wide range of requirements. The practice ensures
that there are benefits such as system safety and security, resilience, and trust of information
increasing the utility of information to its users.
Through the process, different policies and standards are applied and mechanisms
defined that maintain mission integrity with respect to people, process, technology, information,
and supporting infrastructure. Proper definition and application of these methodologies ensures
the provision of confidentiality, integrity, availability, possession, authentication, privacy, and
nonrepudiation of information in all forms and during all exchanges. Information assurance
system should be capable of restoring information by incorporating protection, detection, and
reaction capabilities (Curts & Campbell, 2003). Before implementing on any information
systems, organizations should first understand all the risks that the organization is being

CONCEPTS OF INFORMATION ASSURANCE

3

protected from. This will ensure that the best security protection measures are applied according
to the users’ environment. Understanding this requires first understanding on the basic
fundamental concepts that sets standards of allowing better security controls. Information
assurance system can be based on various concepts depending on the relevant organizational
requirements and regulations but there are three main fundamental basic concepts that include
Confidentiality, Integrity, and Availability (CIA). Organizations have used this CIA triad model
as a guide to the policies for information security (Andress, 2015).
Confidentiality
Confidentiality is a major component of security that provides set of rules that
limits access to information. It ensures that information is only disclosed to those individuals
with the authority as a way of preventing sensitive information from reaching the wrong people
and the right people getting it. Before information is protected, it is important to understand the
cost involved and the amount and type of damage that it is likely to be exposed to. Risks include
such as unauthorized printing, copying, emailing, and modification of the documents....