
Lesson 1 Fundamentals of Information Assurance (IA) and Information Security (INFOSEC)

The document discusses the fundamentals of information assurance and information security. It defines information assurance and explains why it is needed. It then outlines the five pillars of information assurance: availability, integrity, authentication, confidentiality, and non-repudiation.

Uploaded by Lance

Name: Lance A. Elizalde
Date: September 13, 2023


Address: Bitaug, Enrique Villanueva, Siquijor
Course and Year: BS Info Tech II

Lesson 1: Fundamentals of Information Assurance (IA) and Information
Security (INFOSEC)
1. What is IA?
Information assurance (IA) is the practice of managing risks related
to confidential information, which encompasses the transmission, processing,
and storage of data. This field of expertise covers both digital and physical
information channels, aiming to ensure the quality, dependability, and
recoverability of an organization’s information.

The primary goal of information assurance is to maintain the security of
an organization’s digital assets, which includes ensuring the effective
functioning of their information systems and keeping this security in the hands
of authorized users. This is achieved by following compliance, industry
regulations, risk management, and organizational policies.

2. Why Is Information Assurance Needed?
Information Assurance is needed because it helps protect important
information more effectively. It focuses on making sure the information is
reliable and safe. It also encourages strong planning to manage risks. A big
part of Information Assurance is regularly checking for risks because threats
keep changing, and hackers keep trying new ways to cause harm.

Information Assurance risk assessments help organizations understand
potential weaknesses in their systems, how likely these weaknesses are to be
exploited, and what the consequences could be, such as financial losses or
damage to their reputation, if a malicious actor exploits one. To do this
well, it's important to be fair and unbiased when assessing risks.

3. Five Information Assurance Pillars


1. Availability
- Availability means that people can easily access their data or use the
services on their networks. If data isn't accessible, it can limit what
people can do. Threats to availability are getting more complicated
because so much information is online and can be targeted by
hackers.

For example, if a hacker makes a self-driving car's system stop
working, it could cause an accident. Businesses face similar risks. If a
company's leaders can't get important data when making decisions,
the company might lose money. Information Assurance professionals
need to know how to stop threats that could block data access, using
tools like firewalls and other advanced security methods.

2. Integrity
- Maintaining the integrity of an information system means keeping it
safe from harm and threats. The main aim of this pillar is to create
defenses that discourage these threats. For instance, viruses and
harmful code are common threats. To stop them from damaging files,
Information Assurance experts use antivirus software and other tools
to block them before they can harm the computer system. They also
make rules to make sure people in their organizations handle data
properly and test their systems to see if they can withstand attacks. If
they find weaknesses, they fix and protect the system to keep data
safe. Having the right rules and practices in place helps keep an
organization's information and systems secure.
3. Authentication
- IA professionals use authentication methods to verify a user’s
identity before allowing them to access data. Common methods
include usernames and passwords or things like fingerprints. If these
methods are broken, data can be stolen. A big attack happened in
2011 when hackers tricked an RSA employee and took their
passwords. Then they used those passwords to get into RSA's
systems and take important information. RSA had to fix the problem
and secure their data, but the attack hurt their reputation and their
security products might not work as well now. Sometimes, attackers
use simple methods like trying lots of passwords until one works. IA
professionals need to find and fix any problems in their authentication
systems to stop these kinds of attacks.
4. Confidentiality
- Keeping sensitive information safe through measures like data
encryption is a crucial job for Information Security experts.
Confidentiality means making sure private data stays private, and only
approved people, systems, or things can see it. It's not just about who
can get to it, but also about the data itself. This helps companies keep
their ideas safe and protects customers from having their personal
information misused.
5. Non-Repudiation
- When people send information online, it's crucial that we can confirm it
reached its destination and that the person receiving it knows who sent
it. This confirmation, known as non-repudiation, helps identify who's in
charge of handling specific data. While it's not common, there are
cases where someone tries to hide their actions, like tampering with
computer logs. This can make it tricky to figure out who did what. If
unauthorized activity happens during this, it's tough for the
organization to pinpoint the responsible party, making it harder to
prevent future incidents. Thankfully, non-repudiation attacks are rare
today, thanks to the dedicated work of Information Security experts
who've built strong network systems for tracking and confirming data
exchanges across networks with very low chances of error.

Assignment:
1. Why do we need to keep important corporate information confidential?
- Confidential information is restricted to authorized personnel only. This
includes sensitive employee data like salary, performance reports, and
medical information, as well as personal details. Many business
relationships rely on confidentiality agreements that clearly outline
what is considered private. When in doubt, treat information as
confidential.

Ensuring the privacy of personal information gives people confidence
and a sense of security at work, preventing internal issues. Keeping
crucial corporate information confidential is vital. It protects sensitive
data like trade secrets, finances, and customer information from
unauthorized access. This helps maintain a competitive edge, builds
trust with customers, and ensures compliance with laws. Additionally,
confidentiality prevents potential misuse or harm to the company and
its stakeholders.

2. What kinds of abuses can you think of in the absence of controls on
confidentiality?
- Without proper confidentiality controls, various types of abuse can
occur. One common form is when personal information is shared
without permission. For example, employees with access to sensitive
data like medical or financial records might share it with unauthorized
individuals. This can lead to identity theft, fraud, or other harms.

Another risk is data theft. If confidential information isn't adequately
protected, it can be taken by hackers or malicious actors. This could
lead to a serious invasion of privacy and cause significant harm to
those whose data is stolen.

To stop these problems, it is important to have strong confidentiality
policies. This means teaching employees how to handle information
properly, making sure only authorized people can see sensitive data,
and using tools like encryption to keep it safe from theft or
unauthorized viewing.

3. What criminal activities could be reduced or eliminated if confidentiality
control were effectively implemented?
- If confidentiality controls are effectively implemented, several criminal
activities could be significantly reduced or even eliminated. One
example is identity theft.

Identity theft occurs when someone steals personal information (like
social media account or bank details) to impersonate another person,
often for financial gain. Effective confidentiality controls would involve
encrypting and securely storing personal information. Access should
be restricted to authorized personnel only. Regular monitoring and
audits can help detect any suspicious activities.

In addition, confidentiality controls can reduce or eliminate
cybercrime, such as hacking, malware, and phishing attacks. By
implementing strong confidentiality control measures, organizations
can protect their sensitive data from unauthorized access and prevent
cybercriminals from stealing or manipulating data.

Effective implementation of confidentiality controls can significantly
reduce or eliminate several criminal activities, making it an essential
aspect of modern-day security.
