4.2: Information Assurance

Other Information:

The U.S. Government's National Information Assurance Glossary defines Information Assurance (IA) as "measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities."

Information Assurance is closely related to information security, and the terms are sometimes used interchangeably; however, IA's broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics. In addition to defending against malicious hackers and viruses, IA includes other corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery. Further, while information security draws primarily from computer science, IA is interdisciplinary and draws from fraud examination, forensic science, military science, management science, systems engineering, security engineering, and criminology, in addition to computer science.

The OCIO is in the process of refining its IA plans and tools, which currently consist of an IA directive and handbook, IA training for users, owners, and custodians, annual IA refresher training, and security baselines for OPIC's business systems. OCIO is in the process of identifying and implementing IA auditing and logging tools, along with processes to analyze the output of those tools. OCIO also has plans to implement improved security systems, including a proxy/reverse proxy and changes to its current DMZ approach. In the future, the OCIO will focus on protecting financial system data and on insider threat scanning and analysis.

Indicator(s):