What is Information Assurance (IA)? Very simply put, it means ensuring that the right information gets to the right people at the right time.
More specifically, the information assurance professional at a company or organization seeks to ensure five key attributes: integrity, availability, authentication, confidentiality, and non-repudiation.
Integrity. If intruders have gained access to a network and tampered with data, then the integrity of information has been compromised. Safeguarding the integrity of digital information means taking steps to prevent such breaches. Such steps can include software designed to block malware and viruses, cyber analytics tools that can track anomalies in the system, policies that regulate use of the network, and training programs for employees.
Availability. You are preparing for an important presentation to a potential partner or client. With only days to go before the event, you discover that the files containing your presentation have disappeared from the system, or otherwise rendered inaccessible. The network administrator explains that a glitch occurred and the information is gone forever. In information assurance terms, availability of information has been compromised. As they seek to address increasingly complex security threats, information assurance professionals must also take care to ensure that vital information remains available to those who are authorized to view it.
Authentication. You leave for a two-week vacation. During that time, an assistant realizes that a file needed for a project is stored on your desktop. With no malicious intent, your colleague logs onto your system and retrieves the file – but also, in the process, gains access to other information that only you were authorized to see, such as department financials or personnel records. Organizations must have authentication methods in place that require users to verify who they are before they can gain access to information. These can include relatively simple methods such as logins and passwords, as well as more complex tools such as authentication tokens or even biometrics.
Confidentiality. “Loose lips sink ships,” warned posters that were circulated in the United States during World War 2. Casual conversation about ship movements could be overheard by enemy spies, providing the adversary with the intelligence they needed to launch an attack. In today’s information-saturated environment, confidentiality poses an even greater challenge, as communication occurs among a much wider variety of contexts, including social media – with adversaries, for instance, scanning Facebook or Instagram posts to gain intelligence or identify possible targets.
Confidentiality is no less important in civilian contexts, such as business or politics: just ask the Apple software engineer who brought an iPhone prototype to a bar, or the Democratic party strategist who took notes at a closed-door meeting – and then left them on the counter of Neil’s Outrageous, a popular Capitol Hill deli.
Non-repudiation. An employee copies sensitive data onto a flash drive, takes it home, and loads it onto his personal computer – or perhaps even shares it with a competing organization. When pressed, the employee denies having taken those actions. Does the company have a way to prove non-compliance? Particularly when classified information is involved, it can be crucial to establish beyond doubt what someone did or didn’t do, making the action impossible to deny.
Information Assurance Career Outlook and Opportunities
According to the Bureau of Labor Statistics, median pay for information security analysts clocks in at a robust $92,600 per year, and forecasted job growth through 2026 is 28% -- much higher than average. IA with a cybersecurity focus is a particularly powerful combination: cybersecurity professionals make $116,000 per year, on average – three times the median salary for all full time workers.
Great! How do I get started?
A degree in cybersecurity or cyber analytics can be the surest entry point into the information assurance field. Although IA covers all forms of information – not just digital – the reality is that the majority of organizational data today is now being stored electronically. The field of cybersecurity overlaps with information assurance to a significant degree, employing the same guiding principles.
A solid background in technology – specifically in computer science or information systems – is important for most IA positions today. As your career develops, you’ll also want to consider earning key certifications, such as the CISSP. Capitol’s cybersecurity programs are mapped to the CISSP and designed to give students the preparation they need in order to earn this certification.
Join one of today’s most exciting, in-demand career areas! Learn more about Capitol’s undergraduate, graduate and doctoral programs in cybersecurity, cyber analytics, computer science, and management of cyber and information security.