Concepts of Information Assurance PDF

Preview

Summary

Concepts of Information Assurance...

Description

CONCEPTS OF INFORMATION ASSURANCE

1

Concepts of Information Assurance Harshit Rawat Wilmington University

Information Technology is widely recognized and adopted as a major driving factor in not

CONCEPTS OF INFORMATION ASSURANCE

2

only the United States but for economy all over the globe. Information technology has been known to provide a certain edge or advantage to many industries in global markets, that in return not only allows the federal governments to provide with better services and facilities to its citizens but also to facilitate greater productivity as a nation. The structure in the organizations these days are designed to meet the needs of basic information security that is codified as a security policy (Kolomiyets, 2017). A security policy can be summed up as a concise but precise statement by the people who are responsible for the entire infrastructure of the system, information values, and organizational commitment. But like every other industry, information technology has its own vulnerable spots. There have been many attacks on many organizations linked to information technology for stealing data and gaining the competitive advantage. Threats to the information systems industry are very varied and diverse in nature and attributes (Bernadette,1993). For instance, a threat to information technology can include environmental disruptions, human or machine errors and mostly on purpose attacks. Cyber attacks on information systems are mostly done by professional hackers in a very aggressive, well disciplined, well organized, and in a very well funded manner (Bernadette,1993). With the number of attacks and attackers increasing at an alarming rate, it is a matter of very serious concern for the public and private sector information systems as they can often result in grave damage to not only the national but the economical security interests of the United States. There are some concepts associated with information systems like risks, usage, processing, storage, and transmission. Information technology risk management is be briefly explained as the methods for risk management to secure information technology in order to manage information technology risks (Kolomiyets, 2017). There are three main protocols to an

CONCEPTS OF INFORMATION ASSURANCE

3

information security management system that help in providing a strong and firm manifestation that the organization is using a linear systematic approach for the identification, assessment and management of information security risks namely establishment, maintenance and continuous update.The process of risk management in information systems should be carried within a specific tool through four primary steps namely, qualitative assessment, prioritization, risk measurement and monitoring risk management actions. It is accepted worldwide that the utilization of information systems is a certain indicator of success, effectiveness, and even acceptance about the researches that have been done in the past that have been found inconsistent in associating between the usage and other factors of system success. A number of times, there are many factors that can influence the usage of an information system but on the other hand, like every other system, information system can tend to have some unique problems in its measurements that make certain validations a tad bit difficult to measure. One factor that many organizations fail to understand and even establish is the simple fact that it must be mandatory to establish the relevance of the methods to measure and analyse the usage of information systems in the organizations. It must be ensured that the usage of information technology is exploited but not over exploited. Information systems carry out a number of steps in order to process a particular task. It is not necessary that all the tasks that the systems process have the same number or even the same sequence of steps to be followed. Information systems have become more and more integrated with the organizational process over the years that has brought about a good change in productivity and better control in the processes that the organizations undergo. Information system process vary from time to time with the advancements in technology. A raw piece of segment called as data in fed into the information system initially. Then the information systems

CONCEPTS OF INFORMATION ASSURANCE

4

process that raw piece of data and applies some processes in some particular order to convert that piece of raw data into useful information. Information systems processes make the day to day lives of people much more easier that it would be without those processes. As per the demand of the information technology, information systems continue to excel every single day because of only and only one reason- the ever increasing demands of the users. In correlation with the demands and needs of the customers and users, information systems need to be able to have access to storage of the data being produced. Storage in terms if information systems is referred to as memory as it can be of any type of hardware whose function includes storing data as well as maintaining and downloading records and files (Zwass, n.d.). These functions can be performed either via permanent or temporary memory storage along with being internal t a device or even being external. Transmission of data in a information system in simples of words can be described as the physical transfer of data over a specific communication channel. To be more precise about the definition, transmission of data on a information system relies on the kind of equipment being used in the transmission. Transmission of data in information systems can be done over a point to point or a point to multipoint communication channel. There can be various kinds of communication channels in various organizations like copper wires, optical fibers, wireless communication channels and computer buses. Majority of the organizations these days use either the optical fibers or wireless channels mode of communications primarily due to the simple fact that these two are not only safe and secure but also fairly cheaper and hassle free than the others. There are a certain number of core principles of that are a must for every organization and business enterprise that operates on information systems. But one common thing in all of the core principles of is that they ensure that only the authorized and approved individual gets access

CONCEPTS OF INFORMATION ASSURANCE

5

to the information at the time of necessity (Zwass, n.d.). There is very likely that the principles are concerned with the confidentiality of information being shared, the integrity of the data or information is ensured, and that the data is available to the authorized personnel at the time of requirement. There are some contrasts in the core principles of the information systems. Integrity is one the core principle of information assurance which ensures that a particular piece of information remains intact in its very original form and is not altered with when it is transferred from one source to another (Bourgeois, n.d.). Confidentiality on the other hand makes sure that the information is not leaked and disclosed only to authorized personnel who has the legal authorization to access that information. Availability is another very important principle of information assurance that is very contrasting from the other two principles. Availability basically that information is being made available to the users within operational parameters (Bourgeois, n.d.). In my opinion, all the three principles of information assurance are equally important and significant but if I were to rank them in order of their priority, I would certainly put confidentiality on the top. The reason behind that would be that if the unauthorized person is allowed to access the information, certainly the integrity of the information is compromised. Secondly I would put integrity of the data as it would be very much important for me as an individual to get authentic and integral information. Lastly, availability of data would be my priority because if a person is authorized to access the information and knows that the data will be integral, then I personally would not mind waiting for a particular information for some time. To sum it up, confidentiality, integrity and availability are some of the very important principles related to information assurance. It is essential to make sure that information is

CONCEPTS OF INFORMATION ASSURANCE

6

safeguarded by developing a very secure system that would not be accessed by unauthorized individuals. High level of integrity and confidentiality should be maintained to ensure that no individual has access to unauthorized information.

References Kolomiyets. T., (2017, January 09). Risk management information system. Retrieved from: https://statswiki.unece.org/display/GORM/7.+Risk+management+information+system

CONCEPTS OF INFORMATION ASSURANCE

7

. Determining information system usage: Some issues and examples. Retrieved from: https://www.sciencedirect.com/science/article/abs/pii/037872069390037T Zwass. V., (n.d.). Information System. Retrieved from: https://www.britannica.com/topic/information-system Bourgeois. D. T., (n.d.). Information Systems for Business and Beyond. Retrieved from: https://bus206.pressbooks.com/...