Information Assurance

When you first hear the term information assurance you tend to conjure up an image of a balanced set of reasonable measures that have been taken to protect the information after an assessment has been made of risks that are posed to it. In truth, this is the Holy Grail that all organisations that value their information should strive to achieve, but which few even understand. Information assurance is a term that has recently come into common use. When talking with old timers in IT (or at least those that are over 35-year old), you will hear them talking about information security, a term that has survived since the birth of the computer. In the recent past, the term information warfare was coined to describe the measures that need to be taken to defend and attack information. This term, however, has military connotations - after all, warfare is normally their domain. Shortly after the term came into regular use, it was applied to a variety of situations encapsulated by Winn Schwartau as the f- lowing three classes of information warfare: Class 1: Personal information warfare Class 2: Corporate information warfare Class 3: Global information warfare Political sensitivities lead to "warfare" being replaced by the "operations", a much more "politically correct" word. Unfortunately, "operations" also has an offensive connotation and is still the terminology of the military and gove- ments.

This practical reference is designed to help IT managers and assets protection professionals to assure the protection and availability of vital digital information and related information systems assets. The revised edition includes 3 new chapters and major updates throughout. Bridging gaps between information security, information systems security and information warfare, it re-examines why organizations must take information assurance seriously, and discusses the business, legal, and technical knowledge needed to secure these vital government and business assets.

An Introduction to Information Assurance.- What is Information Assurance?.- The World of Information.- The Theory of Risks.- The Information World of Crime.- IA Trust and Supply Chains.- Basic IA Concepts and Models.- The Role of Policy in Information Assurance.- IA in the World of Corporations.- The Corporate Security Officer.- Corporate Security Functions.- IA in the Interest of National Security.- The Corporate IA Officer.- IA Organisational Functions.- Incident Management and Response.- Technical Aspects of IA.- IA and Software.- Applying Cryptography to IA.- IA Technology Security.- Security Standards.- The Future and Final Comments.- The Future, Conclusions and Comments.