Information assurance (IA)is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. While focused dominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical form. Information assurance as a field has grown from the practice of information security which in turn grew out of practices and procedures of computer security.
There are three models used in the practice of IA to define assurance requirements and assist in covering all necessary aspects or attributes.
The first is the classic information security model, also called the CIA Triad, which addresses three attributes of information and information systems, confidentiality, integrity, and availability. This C-I-A model is extremely useful for teaching introductory and basic concepts of information security and assurance; the initials are an easy mnemonic to remember, and when properly understood, can prompt systems designers and users to address the most pressing aspects of assurance.
The next most widely known model is the Five Pillars of IA model, promulgated by the U.S. Department of Defense (DoD) in a variety of publications, beginning with the National Information Assurance Glossary, Committee on National Security Systems Instruction CNSSI-4009*. Here is the definition from that publication: "Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities." The Five Pillars model is sometimes criticized because authentication and non-repudiation are not attributes of information or systems; rather, they are procedures or methods useful to assure the integrity and authenticity of information, and to protect the confidentiality of those same.
*[available at http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf ]
A third, less widely known IA model is the Parkerian Hexad, first introduced by Don B. Parker in 1998. Like the Five Pillars, Parker's Hexad begins with the C-I-A model but builds it out by adding authenticity, utility, and possession (or control). It is significant to point out that the concept or attribute of authenticity, as described by Parker, is not identical to the pillar of authentication as described by the U.S. DoD.
Information assurance is closely related to information security and the terms are sometimes used interchangeably. However, IA’s broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics. In addition to defending against malicious hackers and code (e.g., viruses), IA includes other corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery. Further, while information security draws primarily from computer science, IA is interdisciplinary and draws from multiple fields, including accounting*, fraud examination*, forensic science*, management science, systems engineering, security engineering, and criminology, in addition to computer science. Therefore, IA is best thought of as a superset of information security (e.g. umbrella term).
= = = = = = = = = = = = = = = = = = = = = = = = =
* a closely related and fast-growing career – forensic accounting:
Five Reasons to Study Forensic AccountingBy J.J. Yong, October 23, 2010
Article Source: EzineArticles.com
Forensic accounting is the practice of utilizing accounting auditing and investigative skills to assist in legal matters to obtain an accurate result to establish the accountability for administrative proceeding.
You may be wondering, why study forensic accounting?
Well, here are the five reasons:
- Our current economic crisis has left many companies to face serious financial issues that may lead to bankruptcy. Hence, these companies have been forced to stoop down to the lowest level to save their company by committing frauds and swindles. This makes such a job an important one that increases in demand each year.
- Internal audit in the company could not throw light on the different fact and other hidden aspects of the corporate fraud. They are hardly in a position to initiate proper action at proper time due to their lack of forensic accounting skills.
- Forensic accounting is a new and very exciting study. This change[s] the perspective of the world on accounting study, which has been a theoretically dull field in itself.
- If you are ambitious, fast, observant, creative and diligent, Forensic accounting is definitely a dream job and a great investment. Using computer technology, creative thinking, and careful inspection of financial records; the hidden proof of the crimes can be discovered.
- You will always be equipped with the latest computer software and gadgets. Forensic accounting heavily relies on computer software and generalized audit software to aid in the detection and investigation of fraud and white-collar crimes. Also, investigative tools such as data mining, link analysis software and case management software and the use of the Internet are the essential skills as well.
For more information about online forensic accounting and benefits of forensic accounting, visit ForensicAccountingDemystified.com.