Information assurance in 2010 and beyond

A holistic strategy achieves simplified and secure access to information

Information assurance provides certainty that information is reliable, secure, private and confidential, yet available for the business. It encompasses disciplines of information security, information management, risk management, business continuity management and the retention and effective use of employee knowledge. Robustly implemented, information assurance ensures accuracy and protection of information.

Information assurance is holistic, since it is properly an integral component of information systems, governance, audit and control processes that support the business.

A sound information assurance program achieves simplified and secure access to information. Effective information security underpins information assurance’s objectives of confidentiality, integrity, and availability of information, which together can optimise business success.

Components of information assurance

The holistic nature of information security is exemplified by the many aspects of business that are, in effect, components of information assurance while having their own separate roles and value in the business. They include information lifecycle management, information security, e-forensics, corporate and IT governance and management of information risk.

They are the genesis and framework that forms the critically important business-specific, tailored information architecture for managing and securing information. An ‘organisation’ without good management of information ceases to be an organised business; information adds direct value to the bottom line, but information deficiency can break the business.

Management must understand the role of information and information assurance and treat them in all their incarnations as most valuable assets — the bloodline of every business that permeates every aspect of successful organisations.

The value proposition

Across all walks of life, new information-based ways of working are emerging. Armed with good information and the expertise to use it to the full, organisations have the opportunity to surge ahead and become increasingly successful.

But with opportunity comes risk. Shareholders, customers and citizens place high expectations on organisations to provide reliable information, to use it well, and to protect it. Information threats may be malicious, accidental, technical and non-technical. They can materialise into reputational damage, operational inefficiencies and missed opportunities unless the organisation implements pre-emptive information protection controls. Some guiding principles:

• Directors must address information assurance challenges as a core role to ensure risk is managed robustly and holistically. • Delivering various media in increasing volume demands secure capture, processing, storing and dissemination of information. • Business success depends equally on people and information management. • Every organisation, small or large, has fundamental responsibility to protect business and employee information. • Information security is everyone’s responsibility, not a niche responsibility of IT. It should be inherent in the organisation culture, encompassing much more than digital information. Identification of business ownership of information is critical. • Effective information assurance achieves simplified and secure access, confidentiality and integrity, enabling effective, reliable and timely use to information for day-to-day business and optimises business success.

Join the CSO newsletter!

Error: Please check your email address.

Tags TechnologyOnemanagementbruce carlossecurityIT management

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bruce Carlos

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place