
Sunday, March 3, 2019

Information Assurance

We live and conduct business in an active asymmetric threat environment. An individual, business or organization must adapt and protect its vital information assets and critical digital infrastructure. Failure to do so is imprudent and may be considered an obvious lack of due diligence for people who have fiduciary and custodial responsibilities.

Any event that causes damage to information resources, whether it is a computer virus, natural disaster or system failure, could be devastating to an individual (i.e. identity theft), company, its customers, suppliers and shareholders. Failing to do so may threaten the survival of the company itself.

An information system security breach could result in serious financial losses, the disclosure of protected private information, loss of research and development data or fines by regulatory agencies. Losses due to intrusions into an information system could negatively affect the general public (i.e. power failures). This might result in costly class action lawsuits that could exceed an organization's ability to pay and result in its dissolution. Even an individual might be sued for negligence and be financially ruined.

So how should an organization or person protect its valuable digital processing infrastructure? A business should establish and implement a comprehensive information assurance plan. Individuals should at least cover the components of a professional information assurance plan. Doing so is evidence that the infrastructure owners are attempting to practice due diligence.

An information assurance plan for an organization should be formalized and approved in the organization's policies and have the following components: Confidentiality, Integrity, Availability, Accountability and Non-Repudiation.

Let's briefly examine each:

A. Confidentiality refers to restricting access to data, information or to any component of the digital processing infrastructure unless there is a need for an individual to be able to access it. The need must be aligned with an employee's job requirements and the mission of the organization. Strong confidentiality prevents the disclosure of sensitive records and research and development information.

B. Integrity refers to maintaining the validity and reliability of information that is to be used for decision-making. An information infrastructure that has integrity can be depended upon when making decisions. The information is otherwise useless. Integrity must be aggressively assured.

C. Availability is that characteristic of information which assures that critical information is ready for access precisely when and where it is needed, and to whom it is needed, so that decisions can be made. Computers and networks must be protected to assure that mission-critical data is on hand when needed.

D. Accountability refers to the idea of assigning responsibility to an individual or group of individuals for each part of the digital processing infrastructure. Each time the information infrastructure is accessed, someone needs to be responsible for its safe and legitimate use. Otherwise the system is open to serious security breaches.

E. Non-Repudiation is that component of information assurance that guarantees each party to a transaction is bound to its results. E-commerce, for example, would be unacceptable without provisions for assuring that a customer actually made a purchase.

Maintaining the confidentiality, integrity, availability and non-repudiation of the information processing infrastructure is vital to the survival of an organization.
