Information assurance provides certainty that information is reliable, secure, private and confidential, yet available for the business. It encompasses disciplines of information security, information management, risk management, business continuity management and the retention and effective use of employee knowledge. Robustly implemented, information assurance ensures accuracy and protection of information.
Information assurance is holistic, since it is properly an integral component of information systems, governance, audit and control processes that support the business.
A sound information assurance program achieves simplified and secure access to information. Effective information security underpins information assurance’s objectives of confidentiality, integrity, and availability of information, which together can optimise business success.
Components of information assurance
The holistic nature of information security is exemplified by the many aspects of business that are, in effect, components of information assurance while having their own separate roles and value in the business. They include information lifecycle management, information security, e-forensics, corporate and IT governance and management of information risk.
They are the genesis and framework that forms the critically important business-specific, tailored information architecture for managing and securing information. An ‘organisation’ without good management of information ceases to be an organised business; information adds direct value to the bottom line, but information deficiency can break the business.
Management must understand the role of information and information assurance and treat them in all their incarnations as most valuable assets — the bloodline of every business that permeates every aspect of successful organisations.
The value proposition
Across all walks of life, new information-based ways of working are emerging. Armed with good information and the expertise to use it to the full, organisations have the opportunity to surge ahead and become increasingly successful.
But with opportunity comes risk. Shareholders, customers and citizens place high expectations on organisations to provide reliable information, to use it well, and to protect it. Information threats may be malicious, accidental, technical and non-technical. They can materialise into reputational damage, operational inefficiencies and missed opportunities unless the organisation implements pre-emptive information protection controls. Some guiding principles:
• Directors must address information assurance challenges as a core role to ensure risk is managed robustly and holistically. • Delivering various media in increasing volume demands secure capture, processing, storing and dissemination of information. • Business success depends equally on people and information management. • Every organisation, small or large, has fundamental responsibility to protect business and employee information. • Information security is everyone’s responsibility, not a niche responsibility of IT. It should be inherent in the organisation culture, encompassing much more than digital information. Identification of business ownership of information is critical. • Effective information assurance achieves simplified and secure access, confidentiality and integrity, enabling effective, reliable and timely use to information for day-to-day business and optimises business success.