Definitions and Assumptions

Posted by Tom Fuller in Blindside project at August 30th, 2007

What is information assurance? I have my own idea. Do you have yours?

Wikipedia starts their coverage with this definition: “Information Assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect the confidentiality, integrity, and availability of data and their delivery systems. These goals are relevant whether the data are in storage, processing, or transit, and whether threatened by malice or accident. In other words, IA is the process of ensuring that the right people get the right information at the right time.”

I suppose that’s okay. It doesn’t really match my own mental map of Information Assurance, though. When I think of Information Assurance, I think of a strategic, board-level initiative that commits an organisation to certain principles. These principles are implemented through correct practice of certain disciplines, such as identity management, information security, business continuity, data privacy laws and regulations, etc. These disciplines are enabled by technologies, such as biometrics, database management and protection, correct software development practices, etc. Actually, it may not be that different to what Wikipedia writes later in its page on the subject, ‘a superset of information security’ issues.

How close is this to your views on information assurance?

3 Responses to “Definitions and Assumptions”

  1. Dave Walker Says:

    I think that you and Wikipedia are looking at opposite sides of the same coin. The Wikipedia article covers “quality of service” requirements, and your view covers “policies, procedures and technologies, backed by legislation where appropriate, which can be employed to enable such a quality of service”. Basically, you’re both right - about the only difference I can spot is that some of the technologies you discuss can also be applied to audit, whereas the Wikipedia article currently fails to mention nonrepudiation.
    Of course, that’s nothing an edit wouldn’t fix ;-).

  2. wendyg Says:

    For want of a better definition, I’ve been thinking of it as similar to Peter Neumann’s RISKS (which also seems to me easier to understand!).

    wg

  3. Blindside : Blog Archive » Unremarked Threats to Information Assurance Says:

    […] to the topic I started a few days back–there are some threats to information assurance that we do not […]

Contributors to the Blindside wiki and blog should note their input forms part of a collaborative resource that is Creative Commons (by-sa 2.5) licensed. We hope these resources will be reused and remixed in the public interest. You do not need to seek permission before you re-use our works, although we do require that users attribute Blindside as their source, and license the resulting work under the same terms.