Reference no: EM133652356

Assignment: Information Security Means Better Business

In the progressively competitive business world, information is a valuable resource that needs utmost protection. Information security is integral in managing your business and ensuring that vital information is not compromised in any way.

Securing information is paramount for the survival of your enterprise. Hence, it must be proactively secured against malicious attacks especially when business information is transmitted over networks.

A secure information system is built on the foundation of five essential building blocks. Setting these pillars properly into place is central to developing any kind of information security mechanism in your business. Read on.

Five Pillars Of Information Assurance Framework

Information Assurance (IA) is the practice of protecting against and managing risks related to the use, processing, storage, and transmission of data and information systems. The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of confidentiality, integrity, availability, authenticity, and non-repudiation of user data.

Here are the five pillars of the IA framework that you need to manage in your office cyberspace:

I. Confidentiality

This is the assurance that information is not disclosed to unauthorized individuals, groups, processes, or devices. Highly confidential data must be encrypted so third parties cannot easily decrypt it. Only those who are authorized to view the information are allowed access.

II. Integrity

The accuracy and completeness of vital information must be safeguarded. Data should not be altered or destroyed during transmission and storage. This involves making sure that an information system is not tampered by any unauthorized entities. Policies should be in place so that users know how to properly utilize their system.

III. Availability

This means that authorized users have timely and easy access to information services. IT resources and infrastructure should remain robust and fully-functional at all times even during adverse conditions, such as database conundrum or fall-overs. It involves protecting against malicious codes, hackers, and other threats that could block access to the information system.

IV. Authenticity

This security measure is designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific information. Authentication prevents impersonation and requires users to confirm their identities before being allowed access to systems and resources. This includes user names, passwords, emails, biometrics, and others.

V. Non-Repudiation

This attribute assures the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither party can deny sending, receiving, or accessing the data. Security principles should be used to prove identities and to validate the communication process.

In the article, it states that all five areas are needed to develop any kind of information security mechanism in your business. Do you agree or disagree with this assessment? Which of these risk management practices would you absolutely have to implement and which might you be able to do without? Provide rationale for each area. Then, choose one area and identify literature in the field or a case study describing how it is being addressed.