WHAT IS INFORMATION ASSURANCE (IA)?
Information Assurance is not just information security. Information Assurance is managing the risk associated with the confidentiality, integrity and availability of information. While IA is definitely INFORMATION SECURITY, it is a much more comprehensive approach to information security.
Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storage and/or transmission of data. Information assurance is used as a more complete approach to information security.
Information assurance includes not only information security but also operational security, physical security and all other aspects of protecting the data. Other factors involved in providing information assurance include authenticity and non-repudiation.
Some standards cover the process of information assurance:
- ISO/IEC 27001:2005, Information security management system (ISMS)
- DoD Information Assurance Certification & Accreditation Process (DIACAP)
- Defense Information Assurance Risk Management Framework (DIARMF)
Each branch of the US armed services covers information assurance in its own guide:
- United States Air Force: Air Force Policy Directive 33-2, Information Assurance Program
- United States Army: AR 25-2, Information Assurance
- United States Department of Navy: SECNAV M-5239.1, DON Information Assurance Program
- Department of Homeland Security: Cybersecurity Assurance (not really a guide, but you get the idea)
All of this will change real soon as each branch aligns itself with the DIARMF process/NIST Risk Management Framework.