Brief Guide to Information Assurance
What is Information Assurance?
Information Assurance (IA) is the confidence that information systems will protect the information they carry and will function as and when they need to, under the control of legitimate users. This confidence is vital, as the conduct of UK business, national security and economic and social well–being all depend on such information systems, no matter what form the information takes or how it is shared or stored.
There are five key principles involved in meeting IA requirements:
- Confidentiality – restricting information to authorised individuals
- Integrity – ensuring information has not been tampered with
- Availability – ensuring information is available when required
- Authentication – confirming the identity of the individual who made the transaction
- Non-repudiation – the individual who made the transaction cannot then deny it.
Why is IA needed?
Information assets, from a major ICT system down to a single CD, are fundamental to the business of government. Effective IA is core to the delivery of the Transformational Government agenda that will enable efficiencies across government systems and support more customer-focused delivery.
The continued growth throughout government in the use of information systems, linked together in ever larger, faster and more complex networks, carries with it an increased vulnerability to attack against protectively marked information. The threat ranges from foreign intelligence services to the criminal fraternity, members of extremist groups, or even from individuals (inside or outside the organisation). Protection against such threats and vulnerabilities is essential.
