Article

What Is Information Assurance (IA)?

Topic: SoftwareFeaturing Larry WestfallPublished January 25, 2005

Legacy signals

Archived popularity: 9,128 legacy viewsImported historical SelfGrowth signal; not blended with current reader activity.

Reader rating

Not enough ratings yet

Aggregate average appears after enough eligible reader ratings.

Rate this resource

Sign in to rate this resource.

Sign in to rate this resource

This article defines information assurance from a military point of view, addressing the five pillars of information assurance: availability, integrity, authentication, confidentiality, and non-repudiation. Most of these tenets can be applied to any network – commercial or military.

Information Assurance (IA) consists of "measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of information systems by incorporating protection, detection, and reaction capabilities." (Department of Defense Directive 8500.1 "Information Assurance," October 24, 2002)
Secure communications have evolved through three very distinct stages over the past 50 years: Communications Security (COMSEC), Information Systems Security (INFOSEC) and Information Assurance (IA). After WWII and the Korean War, COMSEC efforts focused primarily on cryptography. The introduction and widespread use of computers created new demands to protect information exchanges between interconnected computer systems. This demand created the Computer Security (COMPUSEC) discipline. With the introduction of COMPUSEC came the recognition that stand-alone COMSEC and stand-alone COMPUSEC could not protect information during storage, processing or transfer between systems. This recognition gave rise to the term INFOSEC and the information protection mission took on a broader perspective. IA emerged and focused on the need to protect information during transit, processing, or storage within complex and/or widely dispersed computers and communication system networks. There needs to be an assurance that the information sent is the same information that is received.

Availability is the state where information is in the place needed by the user, at the time the user needs it, and in the form needed by the user. The issues that most directly affect availability are information system reliability (is it up and running?), the informational level of importance (some information is more critical than others), and timely information delivery (delay of some information has a greater impact than other information).

Integrity is sound, unimpaired, or perfect condition. This includes system integrity and data integrity.
Authentication verifies the identity of the user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system, and to verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification. Authentication ensures that you have the right to see the information, and that you are who you say you are. The two elements most often associated with authentication are logins and passwords.

Confidentiality is the concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. Confidentiality is often referred to as information security. Here we deal with two issues: clearances and data security. In the military, there is a distinction between having a security clearance and having a need to know. Just because someone has a Top Secret security clearance doesn’t entitle him or her to read every Top Secret document in the world. They can only access those that pertain to their job.
Non-repudiation is a service that provides proof of the integrity and origin of data, which can be verified by any third party at any time. Two of the services that support non-repudiation are digital signatures and encryption. Biometric and retinal scans are right around the corner and are being used by some organizations.

Summary
We are all involved in information assurance. Not only do we depend on it to do our work, but also we are involved in making sure it works. Remember, information is only as good as the assurance that we apply to it. Not all information needs to be protected at the same level, but all information needs to be protected.

Larry Westfall n©2005, all rights reserved
SecurityPubs.ComnSysAdmi
Toolbox.Com n

Further reading

Further Reading

4 total

Article

Organizations are starting to scale their cloud native operations. And as they do, the inefficiency of managing dozens of isolated clusters has become an evident problem. As the clusters continue to sprawl, businesses must unite diverse workloads onto shared infrastructure. This is because companies need better resource utilization and centralized governance among other things. But it is imperative to remember that going from a single tenant to a multi-tenant environment need

March 12, 2026

Article

It has been for everyone to see the short product lifecycles and a pressing need for rapid technical scalability that have come to define the modern startup ecosystem. For early-stage companies, the challenge is no longer just conceptualizing a solution. But they must also carry it out with enough precision to withstand high market volatility and fierce competition. We know that internal teams concentrate on core business strategy and fundraising. That still leaves us with th

March 12, 2026

Article

In today’s regulated and data-driven environments, organizations are under constant pressure to ensure that temperature and environmental conditions remain within defined limits. Even small fluctuations can result in product loss, compliance violations, or operational downtime. As a result, many facilities are moving away from manual checks and standalone sensors and adopting comprehensive environmental monitoring solutions instead. An environmental monitor provides rea

March 5, 2026

Article

Organizations have come to rely heavily on large amounts of data in today's competitive markets. But to what end? For starters, to inform strategic decisions and power machine learning models. It goes without saying that the value of these digital assets is completely dependent on the accuracy of the underlying data. So, when data is fragmented or inconsistent across departments, you will obviously have inaccurate reporting and operational inefficiencies at your hands. This c

March 2, 2026