¶ … Assurance Program
Why/How to create an Information Assurance
Just as paramount as the availability and access to information is significant in every company or business outfit, certain concerns always come to the fore: the kind of information is to be made. How the information is going to be organized? How will it be possible to ensure that the information released represents the judgment of the management of the company and gives assurance that the very information required is available?
This document contains the solutions to the concerns mentioned above; an Information Assurance Program is necessary in every organization. This project explains why information assurance program is needed in every viable company and also explores ways it can be affected, integrated into the organization and organized. The program encompasses different models which span through finding the reason why such program is needed to analyzing whether the finding is practicable. This takes the next leap by prioritizing the analyzed needs of the case study organization.
There are many models but not all are applicable to the case study of organization as well spelt out in later chapters of this write-up. The models examined in this project are such that works for any organization that is keen at updating and strengthening their information assurance by engaging in the program, suggested in this project.
Table of Contents
Abstract
Table of Contents
Introduction
Principles of Information Assurance
Approaches to Information Assurance
Processes of Information Assurance
Ensuring an Effective Management Change
Software Development -- Compliance with CMMI
Data Management
Developing Information System to Suit the Case Organization
Information System Security Standards
Information System Security Models
Preparing the Information System Operators for better Operations
Cost Analysis of Undertaking Information System Security
Executive Summary
Introduction
To better understand the concept of Information Assurance program in a company setting, an understanding of 'information' and 'assurance' need mentioning. According to Cambridge online dictionary, information is defined as facts about a situation, person or thing while assurance is defined as a promise. In a company setting, a promise that information will be available in an organized manner is made.
Information Assurance refers to a process that starts with what strategy should be employed, an outlay of high-level risk that can be tolerated by the company and the likely rewards that can be gained from such strategy. Security in the workplace is such a complex matter where a lot of matters also vie for attention. A model must be established which will serve as the hallmark for other IT workers to follow. The procedure of Information assurance strives is such that there must responsibility, transferability and storage of data. The stored data must be protected and for that to be enshrined, certain models must be followed. Amongst the models construed by the government, the most notable one is called the 'Triad Model." This is based on the principles: confidentiality, integrity and availability. These principles still form the building blocks of information security. In a case study organization, these principles apply to every information and data management strategy in all departments of the organization. Other Models, of course, are also useful but for the sake of the case study organization, the "Hexad" and "Triad" Models shall be fully considered (SACA, 2006, Thomas, 2001).
Principles of Information Assurance
Confidentiality
This aspect of the triad model spells out the access level anyone has to certain information and the permission level. For information to be accorded any manner of confidentiality, it must be really private and confidential in nature. It is a principle based on company ethics where dissemination of unrestricted information to a third party is disallowed. Certain restrictions are usually placed on permission to access information without authorization. It can also be said to be the cornerstone of information security in today's business corporation (Harwood, 2006).
Integrity
This is another ingredient of security and assurance. It refers to being accurate and consistent in data handling without any problems occurring due to changes in an updated version of the data. It can also mean that the information is not tampered with, meaning that it is whole (Parker, 2000).
Through the use of standard rules and regulations, integrity is forced on the database during its design. It is important to consider that while trying to enforce integrity, unprecedented loopholes are inevitable but could be minimized by the following methods:
Regular data back-up
Designing of the database with ability to detect invalid data input
Control of data flow and access by certain security mechanism, and Using of software that checks for and correct errors.
By installing software that...
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now