
Information Assurance and Security Introduction To IA

This document provides an introduction to information assurance (IA). It discusses key concepts in IA including privacy, authentication, authorization, confidentiality and others. It examines aspects of system quality from an ISO standard that relate to IA such as functionality, reliability, security and usability. The document explores different definitions and perspectives of information, data, and what constitutes information assurance. It outlines various components, levels, and functional areas that fall under the purview of information assurance and information security.

Uploaded by

RJ Hermo
Copyright
© All Rights Reserved

Information Assurance and Security
Introduction to IA
PREPARED BY: JAMAICA T. HERNANDEZ
Thought Experiment
Suppose you visit an e-commerce website such as your bank, stock broker, etc.

Before you type in highly sensitive information, you’d like to have some assurance
that your information will be protected. Do you (have such assurance)? How can
you know?

What security-relevant things do you want to happen, or not happen when you use
such a website?
Thought Experiment
You might want:
• Privacy of your data
• Protection against phishing
• Integrity of your data
• Authentication
• Authorization
• Confidentiality
• Non-repudiation
• Availability
• What else?
Which of these do you think fall under Information Assurance?
System Quality
• According to ISO/IEC Standard 9126-1 (Software Engineering—Product Quality), the following are all aspects of system quality:
• functionality
• adequacy
• interoperability
• correctness
• security
• reliability
• usability
• efficiency
• maintainability
• portability
Which of these do you think apply to IA?
What is Information?
This class is about Information Assurance; so what is “information”? How
does information differ from data?
What is Information Assurance?
What is IA? (cont)
A Different View of IA
Four Security Domains
Yet Another Perspective
Yet Another View: Components of IA
IA Levels: the Physical
IA Levels: Infrastructure
IA Levels: Perceptual
IA Overview
Many IA Failures Don’t Involve Technology
The Information Warfare Spin on IA
Nature of the Threat
Nature of the Threat (cont.)
Why Does it Matter?
IA Functional Components
IA Functional Components (2)
IA Applies to Info Infrastructure
Critical Infrastructure Protection
Federal Orgs Defining IA
IA Relationship to Computer Security
Some Basic IA Terms
Assets
Subjects and Objects
Attributes
Critical Aspects
Terms: Threat and Threat Actors
Examples of Threats
Terms: Environments, Enclaves
Terms: Vulnerabilities and Exploits
Terms: Attacks, etc. (2)
Terms: Consequences
Terms: Countermeasures
Terms: Risk
Risk Management Framework
Risk Treatments
Risk Management
Mitigation versus Avoidance
Terms: Trust and Assurance
Trust Management
Lifecycle
Security Systems Lifecycle Management
Assurance Requirements
Assurance Requirements (2)
END THANK YOU
