STRATEGIES FOR INFORMATION ASSURANCE DISCUSSION 2022
Added on 2022-10-10
21 Pages3883 Words18 Views
|
|
|
Running head: STRATEGIES FOR INFORMATION ASSURANCE
Strategies for Information Assurance
Name of the student:
Name of the university:
Author note:
Strategies for Information Assurance
Name of the student:
Name of the university:
Author note:
STRATEGIES FOR INFORMATION ASSURANCE1
Table of Contents
Introduction:....................................................................................................................................2
Discussion:.......................................................................................................................................3
Organization overview:...............................................................................................................3
Detailed overview of Information Assurance:.............................................................................3
Basics of Information Assurance Strategy:.................................................................................5
Framework for implementing Information Assurance:...............................................................6
Risk mitigation Strategy to mitigate the risks that are associated with workplace operation:....9
Accrediting body to ensure Information Assurance:.................................................................12
Incident Response Plan:.................................................................................................................13
Conclusion:....................................................................................................................................16
References:....................................................................................................................................17
Table of Contents
Introduction:....................................................................................................................................2
Discussion:.......................................................................................................................................3
Organization overview:...............................................................................................................3
Detailed overview of Information Assurance:.............................................................................3
Basics of Information Assurance Strategy:.................................................................................5
Framework for implementing Information Assurance:...............................................................6
Risk mitigation Strategy to mitigate the risks that are associated with workplace operation:....9
Accrediting body to ensure Information Assurance:.................................................................12
Incident Response Plan:.................................................................................................................13
Conclusion:....................................................................................................................................16
References:....................................................................................................................................17
STRATEGIES FOR INFORMATION ASSURANCE2
Introduction:
Information System plays a vital role within the infrastructure of any organization.
Information system is defined as the type of information and communication technology that
helps in smooth interaction of technologies within business processes. In today’s world of digital
awareness, information security plays as a crucial component for all organization in order to
protect information and conduct the business processes smoothly1. Information security is
demarcated as one of the protecting measure of evidence and the schemes that are involved
including the hardware use and transmission of information in a protected way. With the
openness of the internet, business organizations are enabled to quickly adopt technologies from
the perspective of information security. With the rise of information security and its systems
comes the concept of information assurance which mainly focuses on the gathering of credential
data and ensuring their safety2. Business organizations are responsible for storing large number
of information such as customer data, different algorithms, transaction related data and other
credentials loss of which can lead to the down fall of the entire association. The development of
information assurance includes maintaining of the confidentiality, integrity as well as the
availability of data that are collected from the users. This type of information protection is
1 Cherdantseva, Y. and Hilton, J., 2015. Information security and information assurance:
discussion about the meaning, scope, and goals. In Standards and Standardization: Concepts,
Methodologies, Tools, and Applications (pp. 1204-1235). IGI Global.
2 Jacobs, S., 2015. Engineering information security: The application of systems engineering
concepts to achieve information assurance. John Wiley & Sons.
Introduction:
Information System plays a vital role within the infrastructure of any organization.
Information system is defined as the type of information and communication technology that
helps in smooth interaction of technologies within business processes. In today’s world of digital
awareness, information security plays as a crucial component for all organization in order to
protect information and conduct the business processes smoothly1. Information security is
demarcated as one of the protecting measure of evidence and the schemes that are involved
including the hardware use and transmission of information in a protected way. With the
openness of the internet, business organizations are enabled to quickly adopt technologies from
the perspective of information security. With the rise of information security and its systems
comes the concept of information assurance which mainly focuses on the gathering of credential
data and ensuring their safety2. Business organizations are responsible for storing large number
of information such as customer data, different algorithms, transaction related data and other
credentials loss of which can lead to the down fall of the entire association. The development of
information assurance includes maintaining of the confidentiality, integrity as well as the
availability of data that are collected from the users. This type of information protection is
1 Cherdantseva, Y. and Hilton, J., 2015. Information security and information assurance:
discussion about the meaning, scope, and goals. In Standards and Standardization: Concepts,
Methodologies, Tools, and Applications (pp. 1204-1235). IGI Global.
2 Jacobs, S., 2015. Engineering information security: The application of systems engineering
concepts to achieve information assurance. John Wiley & Sons.
STRATEGIES FOR INFORMATION ASSURANCE3
applied to almost all types of field in order to transit the data in both physical and electronic
forms. This report is prepared so as to deal with the position of Information Assurance for
organization of Heavy Metal Engineering so as to ensure that the data assets are secured enough.
Discussion:
Organization overview:
The organization of Heavy Metal Engineering is a industrial organization that is
responsible for creating metal case casting for very high end seal and dryer products. It has
suppliers and customers all through the world with its worldwide offices. The corporate office of
Heavy Metal Engineering organization at US is observing forward to receive certain funding
from significant third parties in order develop a joint venture. But the organization lacks certain
information assurance plan and hence often fails in keeping its data assets secured. Hence in
order to put this in place, it is necessary that the manufacturing organization has a proper
information assurance plan implemented within their system that ensures the safety of the data
that is deposited within their data base system.
Detailed overview of Information Assurance:
The concept of Information Assurance is related to the repetition of shielding the data or
information against possible cyber-attacks and managing the overall risks that are associated
with different types of data risks related to the unauthorized usage of data, transmission of wrong
information and various other information risks3. The concept of Information Assurance is
3 Samonas, S. and Coss, D., 2014. THE CIA STRIKES BACK: REDEFINING
CONFIDENTIALITY, INTEGRITY AND AVAILABILITY IN SECURITY. Journal of
Information System Security, 10(3).
applied to almost all types of field in order to transit the data in both physical and electronic
forms. This report is prepared so as to deal with the position of Information Assurance for
organization of Heavy Metal Engineering so as to ensure that the data assets are secured enough.
Discussion:
Organization overview:
The organization of Heavy Metal Engineering is a industrial organization that is
responsible for creating metal case casting for very high end seal and dryer products. It has
suppliers and customers all through the world with its worldwide offices. The corporate office of
Heavy Metal Engineering organization at US is observing forward to receive certain funding
from significant third parties in order develop a joint venture. But the organization lacks certain
information assurance plan and hence often fails in keeping its data assets secured. Hence in
order to put this in place, it is necessary that the manufacturing organization has a proper
information assurance plan implemented within their system that ensures the safety of the data
that is deposited within their data base system.
Detailed overview of Information Assurance:
The concept of Information Assurance is related to the repetition of shielding the data or
information against possible cyber-attacks and managing the overall risks that are associated
with different types of data risks related to the unauthorized usage of data, transmission of wrong
information and various other information risks3. The concept of Information Assurance is
3 Samonas, S. and Coss, D., 2014. THE CIA STRIKES BACK: REDEFINING
CONFIDENTIALITY, INTEGRITY AND AVAILABILITY IN SECURITY. Journal of
Information System Security, 10(3).
STRATEGIES FOR INFORMATION ASSURANCE4
associated with the CIA triad or the Confidentiality, Integrity and Availability of data. Besides it
also includes the authentication as well as non-repudiation of data. The detailed analysis of the
components is discussed as follows:
1. Confidentiality: Confidentiality refers to the privacy of information while undertaking
measures that are designed to prevent the sensitive data information from reaching out to the
hands of black hat people. It also helps in restricting the unauthorized access of data. The
confidentiality factor of the CIA triad helps in categorizing the data according to the type of
damage that is caused due to unintentional use. Maintaining the confidentiality of data helps in
safeguarding the data while involving special training related to the security risks that causes
threatening of the credential information.
2. Integrity: The principle of integrity involves maintaining the accuracy, consistency and
trustworthiness of information assets within an organization. It includes implementing of
measures so as develop policies including accessibility of files and modifying them without prior
permission.
3. Availability: Availability principle of CIA triad includes maintaining of hardware performance
while resolving the issues immediately and ensuring the proper functionality of the resources
used within the information system. It helps in providing bandwidth for communication while
removing the possible bottlenecks. Implementing this within organization helps in mitigating the
serious consequences that are faced during any type of hardware issues.
associated with the CIA triad or the Confidentiality, Integrity and Availability of data. Besides it
also includes the authentication as well as non-repudiation of data. The detailed analysis of the
components is discussed as follows:
1. Confidentiality: Confidentiality refers to the privacy of information while undertaking
measures that are designed to prevent the sensitive data information from reaching out to the
hands of black hat people. It also helps in restricting the unauthorized access of data. The
confidentiality factor of the CIA triad helps in categorizing the data according to the type of
damage that is caused due to unintentional use. Maintaining the confidentiality of data helps in
safeguarding the data while involving special training related to the security risks that causes
threatening of the credential information.
2. Integrity: The principle of integrity involves maintaining the accuracy, consistency and
trustworthiness of information assets within an organization. It includes implementing of
measures so as develop policies including accessibility of files and modifying them without prior
permission.
3. Availability: Availability principle of CIA triad includes maintaining of hardware performance
while resolving the issues immediately and ensuring the proper functionality of the resources
used within the information system. It helps in providing bandwidth for communication while
removing the possible bottlenecks. Implementing this within organization helps in mitigating the
serious consequences that are faced during any type of hardware issues.
STRATEGIES FOR INFORMATION ASSURANCE5
4. Authentication: Authentication is another factor that ensures the methods that are adopted
within organization so as to access the data. It includes protected methods such as using
passwords, digital certificates or any type of authenticated biometric means.
5. Non-repudiation: The last but not the least another important factor that contributes to the
information assurance system is Non- repudiation. It includes monitoring of actions that one
individual cannot deny such as authenticity of a contract or any message that is provided by the
machine or system as a proof of action.
Basics of Information Assurance Strategy:
Implementing an Information Assurance plan within organization helps in creating a road
map for protecting the information as well as their infrastructure while aligning the strategies
with that of the business goals and objectives. Implementing strategies based on information
assurance is treated as a major IT function including detailed planning of the strategy.
Developing a suitable information strategy helps organization in understanding their business
condition while dictating the availability of information while mitigating the major risks
associated with it. Having a proper Information Assurance strategy plan in place helps
organizations to reduce their operational expense while increasing the market value of the
organization. While implementing Information assurance strategy it is thus necessary to follow
proper framework that exactly aligns with the business objectives while helping in to secure the
data assets within the organization.
Framework for implementing Information Assurance:
Information Assurance framework consist of a series of developments that are recycled to
define the guidelines and procedures to implement the supervision of various information
4. Authentication: Authentication is another factor that ensures the methods that are adopted
within organization so as to access the data. It includes protected methods such as using
passwords, digital certificates or any type of authenticated biometric means.
5. Non-repudiation: The last but not the least another important factor that contributes to the
information assurance system is Non- repudiation. It includes monitoring of actions that one
individual cannot deny such as authenticity of a contract or any message that is provided by the
machine or system as a proof of action.
Basics of Information Assurance Strategy:
Implementing an Information Assurance plan within organization helps in creating a road
map for protecting the information as well as their infrastructure while aligning the strategies
with that of the business goals and objectives. Implementing strategies based on information
assurance is treated as a major IT function including detailed planning of the strategy.
Developing a suitable information strategy helps organization in understanding their business
condition while dictating the availability of information while mitigating the major risks
associated with it. Having a proper Information Assurance strategy plan in place helps
organizations to reduce their operational expense while increasing the market value of the
organization. While implementing Information assurance strategy it is thus necessary to follow
proper framework that exactly aligns with the business objectives while helping in to secure the
data assets within the organization.
Framework for implementing Information Assurance:
Information Assurance framework consist of a series of developments that are recycled to
define the guidelines and procedures to implement the supervision of various information
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents