The article chosen deals with such terms as information assurance and information security. The considering terms are of great importance as in spite of the high level of technology development in modern society, all organizations and individuals aim to confidentiality and protection of any information. Information assurance focuses on integration of protection, detection and reaction to some unauthorized intrusions and guarantees protection.
There is given a description of a wide variety of methods and measures for information security by means of information assurance. The purpose is to lower the risk connected with the usage, storage, or transmission of data.
According to the article information assurance involves many other disciplines and includes many aspects, for example, policy, legal, social, management, technical ones. In general, the article comprises the IA of software, hardware, network and communication, emission security, as well as cryptology, watermarking and steganography techniques.
Keywords: information assurance (IA), information security (IS), cyber-theft, emission security
Technologies have become an essential part of our everyday life, any kind of service or professional field. They are continuing developing with such a velocity that it is difficult to keep pace with them.
The whole information in commerce, banking, telecommunications, health care and national security is stored electronically. Our society greatly relies on it, but IT specialists find the security and assurance needs of modern information system rather unsafe and limited. In this case the issue of IA and IS throws into sharp relief and it is often discussed in scientific articles and at conferences. One of such articles is Information Security Threats and Information Assurance where authors discuss methods to be taken in respect of technology IA (Yildiray Yalman, Murat Yesilyurt, 2013).
Before starting the article review, it is important to specify what information assurance is. In such source like Techopedia, which aims to help people understand technology, it is possible to find that information assurance is needed to protect information systems, provide confidentiality of information, and any IA specialist must have a thorough understanding of IT and how the information systems work and are connected. They must be aware of all threats in the IT world like viruses, worms, phishing attacks, social engineering, identity theft, etc., as well as to focus on protection against these threats (Techopedia.com. (2015). Anyway, IA should guarantee certain levels of availability, integrity, authentication, confidentiality, or non-repudiation.
Every kind of service in the world is connected with the World Wide Web, and as the number of Internet users increase, so it is accompanied by a number of security problems. First, this problem concerns the software. The statistics given in the article shows the percentage of information loss because of software damage. E-mail spam, Trojans and viruses can be the reasons of spoiling software. Due to statistics, the USA and European Union countries do much for provision of IA (Yildiray Yalman, Murat Yesilyurt, 2013). Their work includes IA guidelines periodically published by the US Department of Defense and some references showed the significance of security systems worked out by a group of countries and the results of security agencies’ work in the control of the national security. Thus, software using is impossible without proper work of hardware consequently the functions of information assurance expands on ensuring hardware testing and evaluation. For these purposes, there were developed security evaluation standards all over the world.
Next sphere that needs protection is network and communication. Network security technologies protect network against cyber-attacks, unauthorized intrusion, closure of the network, interruption of service. This protection from network attacks is provided both internally and externally. Network information assurance should complete such security tasks as authentication, data confidentiality and integrity, system working efficiency. In its turn, Communication Security has to secure information transmission channels (Iac.dtic.mil, 2015).
Another important object for IA is emission security. There are several types of signal intelligence such as communication, electronic, telemetry, and radar intelligence. The emphasis is made on communication intelligence. This process includes the exchange of information between the emitter and receiver. The signals are transmitted through mobile phones, car phones, satellite, microwave, radio, and radiotelephone. One needs to pay attention to the significance of the reference 17, 18 of the article. They give information about intelligence method by the United States like TEMPEST that has very confidential standards (Yildiray Yalman, Murat Yesilyurt, 2013). The principle of work of this system is to analyze electromagnetic waves emitted from computer screens, keyboards, or modem cables. Special measures on emission security are taken in military or civilian institutions. Reference 19 of the article is devoted to some professional and more elementary methods of emission security (Yildiray Yalman, Murat Yesilyurt, 2013).
All information assurance measures mentioned above were observed in the global context. The authors say about IA for individuals, institutions or organizations in the process of employees’ training and providing physical security of the electronic media. All the employees should be familiar with IA measures and keep storage devices and documents in confidential places.
The article also has information about other additional safety measures like cryptology, watermarking and steganography techniques. Thus, only sender and recipient have an opportunity to decrypt the transmitting message using some algorithms or codes. Sometimes more than one method of information protection or coding can be used (Yildiray Yalman, Murat Yesilyurt, 2013).
Iac.dtic.mil. (2015). CSIAC - Information Assurance. Retrieved 5 July 2015, from http://iac.dtic.mil/csiac/ia_policychart.html
Techopedia.com. (2015). What is Information Assurance (IA)? - Definition from Techopedia. Retrieved 5 July 2015, from http://www.techopedia.com/definition/5/information-assurance-ia
Yildiray Yalman, Murat Yesilyurt. (2013). Information Security Threats and Information Assurance, TEM Journal, 2(3), 247-252.