Assurance Program Why/How To Create An Information Case Study

Length: 25 pages Sources: 1+ Subject: Education - Computers Type: Case Study Paper: #61079765 Related Topics: Quality Assurance, Program Evaluation, Systems Analyst, Title Ix
Excerpt from Case Study :

¶ … Assurance Program

Why/How to create an Information Assurance

Just as paramount as the availability and access to information is significant in every company or business outfit, certain concerns always come to the fore: the kind of information is to be made. How the information is going to be organized? How will it be possible to ensure that the information released represents the judgment of the management of the company and gives assurance that the very information required is available?

This document contains the solutions to the concerns mentioned above; an Information Assurance Program is necessary in every organization. This project explains why information assurance program is needed in every viable company and also explores ways it can be affected, integrated into the organization and organized. The program encompasses different models which span through finding the reason why such program is needed to analyzing whether the finding is practicable. This takes the next leap by prioritizing the analyzed needs of the case study organization.

There are many models but not all are applicable to the case study of organization as well spelt out in later chapters of this write-up. The models examined in this project are such that works for any organization that is keen at updating and strengthening their information assurance by engaging in the program, suggested in this project.

Table of Contents


Table of Contents


Principles of Information Assurance

Approaches to Information Assurance

Processes of Information Assurance

Ensuring an Effective Management Change

Software Development -- Compliance with CMMI

Data Management

Developing Information System to Suit the Case Organization

Information System Security Standards

Information System Security Models

Preparing the Information System Operators for better Operations

Cost Analysis of Undertaking Information System Security

Executive Summary


To better understand the concept of Information Assurance program in a company setting, an understanding of 'information' and 'assurance' need mentioning. According to Cambridge online dictionary, information is defined as facts about a situation, person or thing while assurance is defined as a promise. In a company setting, a promise that information will be available in an organized manner is made.

Information Assurance refers to a process that starts with what strategy should be employed, an outlay of high-level risk that can be tolerated by the company and the likely rewards that can be gained from such strategy. Security in the workplace is such a complex matter where a lot of matters also vie for attention. A model must be established which will serve as the hallmark for other IT workers to follow. The procedure of Information assurance strives is such that there must responsibility, transferability and storage of data. The stored data must be protected and for that to be enshrined, certain models must be followed. Amongst the models construed by the government, the most notable one is called the 'Triad Model." This is based on the principles: confidentiality, integrity and availability. These principles still form the building blocks of information security. In a case study organization, these principles apply to every information and data management strategy in all departments of the organization. Other Models, of course, are also useful but for the sake of the case study organization, the "Hexad" and "Triad" Models shall be fully considered (SACA, 2006, Thomas, 2001).

Principles of Information Assurance


This aspect of the triad model spells out the access level anyone has to certain information and the permission level. For information to be accorded any manner of confidentiality, it must be really private and confidential in nature. It is a principle based on company ethics where dissemination of unrestricted information to a third party is disallowed. Certain restrictions are usually placed on permission to access information without authorization. It can also be said to be the cornerstone of information security in today's business corporation (Harwood, 2006).


This is another ingredient of security and assurance. It refers to being accurate and consistent in data handling without any problems occurring due to changes in an updated version of the data. It can also mean that the information is not tampered with, meaning that it is whole (Parker, 2000).

Through the use of standard rules...


It is important to consider that while trying to enforce integrity, unprecedented loopholes are inevitable but could be minimized by the following methods:

Regular data back-up

Designing of the database with ability to detect invalid data input

Control of data flow and access by certain security mechanism, and Using of software that checks for and correct errors.

By installing software that disallows alteration of data without permission

By making sure that only authenticated persons checks the final information for verification


This is viewed from two dimensions: The Security Model and the Information Assurance Model. According to the former, it is when users or people are allowed access to a computer network in their bid to access information while in the former; availability refers to when a user is allowed access to the power supply of a networked system serving as a server of information.


Although not part of 'triad model', this is an extremely important principle of information assurance. There is always a concern 'rightful access' to certain information in an organization. Authenticity refers to the right a person has to send or receive information. This is ensured when authenticity is ensured in an organization.


This refers to a set of instruction given to software to only grant access to the person who is permitted to view, alter and work with the information. This ensures that there is no information leakage or loss of information on transit. There are different levels of this authorization; it could be high or low level authorization. High level authorization allows respective personal to access the information without much scrutiny. On the other hand, if a person had a low level access then he will be allowed to only view the information without actually altering anything from it. This serves to disallow abuse of the authorization (Thomas, 2001).

As mentioned earlier, several Models exist for different organizations of which the shotlisted one proves to work on the case study organization. Many models have evolved through decades of use while some are mere updated versions of the old ones. Over the years and from use, some approaches have come into existence which have direct relation with data management and application development of the case study organization. In order to have secure information and minimize or tackle data management breach, these levels of security are needed: physical security, communication security, operation security, system reliability, system safety, information security and operations security. This ensures that these security levels are adhered to only serve to prevent the abuses that may occur from uncontrolled access. It also prevents loss of information that can result from human error or malfunctioning hardware. The case study organization is encouraged to observe these securities.

Approaches to Information Assurance

To ensure protection of information stored on the database of the computer, established security level is necessary as mentioned earlier. This prevents data breach, tampering with information and data loss.

Physical Security

Simply put, this is protecting the computer hardware and its peripherals from damage and theft so as to avoid loss of data or/and to avoid disruption in the operation of such computer.

Communication security

With reference to the principles of information assurance, which among others are: confidentiality, availability and integrity, this involves a collaborative effort among the engineers in the IT department at ensuring that information in the form of data that is transmitted between computer networks remains confidential and protected from prying eyes. Confidentiality is ensured when the information sent is only decipherable to the person it was meant for. The data sent is considered available and credible if received within the required time irrespective of constraints. Integrity as well, is maintained when the transferred data is not altered any way either due to human factor or technical issues (SACA, 2006).

Operation Security

Operation security concerns with the operations performed by housing computers such as the information received from the sender or the receiving computer. It is a well-known fact that information sending is initiated by the operators of the networked system in the case study organization. This group of people could include administrative operators, data operators and personnel operators. This could be applied to more groups than this but this is applicable to the case study organization. Operation security deals with setting up a standardized operational guideline that caters for the information sent between systems in a manner that the computers responsible for these data transmission are secure at all times and are located in environment where likelihood of it being destroyed of stolen is highly minimized.

System Reliability

This refers to the relationship among the components of a computer system and the decision made regarding the choice of specific components to use while assembling the computer systems in such a way that there can be improvements…

Sources Used in Documents:


Harwood, I.A. (2006). Confidentiality constraints within mergers and acquisitions: gaining insights through a 'bubble' metaphor, British Journal of Management, Vol. 17, Issue 4., 347 -- 359.

Parker, Donn B.] (2002). "Toward a New Framework for Information Security." New York, NY: John Wiley & Sons. ISBN 0471412589.

Elsayed, E. (1996) Reliability Engineering, Addison Wesley, Reading, California: USA.

SACA (2006). CISA Review Manual 2006. Information Systems Audit and Control Association. pp. 85. ISBN 1-933284-15-3.

Cite this Document:

"Assurance Program Why How To Create An Information" (2012, February 18) Retrieved June 17, 2021, from

"Assurance Program Why How To Create An Information" 18 February 2012. Web.17 June. 2021. <>

"Assurance Program Why How To Create An Information", 18 February 2012, Accessed.17 June. 2021,

Related Documents
Information Security Training Program
Words: 3414 Length: 12 Pages Topic: Business - Management Paper #: 71010214

Federal Information Security Management Act (FISMA) The Federal Information Security Management Act places emphasis on the importance of training and awareness program and states under section 3544 (b).(4).(A), (B) that "security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency of- information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures

Animal Welfare Assurance Programs
Words: 1107 Length: 3 Pages Topic: Animals Paper #: 4916228

Animal Welfare Assurance Organizations Animal welfare: Assurance organizations Organization 1: Manes and Tails Mission (Hoboken, NJ) Manes and Tails Mission, located in Hoboken, NJ is a locally-based organization that oversees a variety of efforts to reduce cruelty against horses. Given the faltering economy, many horses have been abandoned and/or abused, as fewer and fewer people have the ability to care for their animals properly. Horses from the racetrack or who have been used

Program Evaluation Home and Community-Based
Words: 7215 Length: 25 Pages Topic: Healthcare Paper #: 51007613

C. Evaluation question(s) and aims. The primary question that will be addressed is to identify whether HCBS program is able to provide service to the target population. The evaluation questions will also be directed to the cost effectiveness of the program. The following evaluation questions are identified: 1. Is the program meet the budget requirements of the 1915 (b)? 2. Has the program generates cost saving? 3. Has the program has been able to

Information Technology Aquarius Marketing Project
Words: 3970 Length: 12 Pages Topic: Business - Management Paper #: 3202159

Migrate off of any individualized content management systems and processes not integrated to a single portal platform for greater cost and time savings in administration. Olson (32) provides an excellent case study on how universities are making use of open source portal applications to alleviate redundant and often conflicting data in multiple portals on an IBM WebSphere platform Define and build out a portal development plan that encompasses all shared processes

Management Information System MIS in BAE Systems Inc
Words: 2147 Length: 6 Pages Topic: Information Technology Paper #: 92428599

The role of Risk Management Information System (RMIS) in BAE Systems, Inc. With its headquarters in Virginia’s Arlington County, BAE Systems Incorporated has units in America, Britain, Mexico, Israel, Sweden, and South Africa that employ around 43,000 individuals. Its mounting yearly earnings suggest that it may be counted as one of the top global defense firms (Winzelberg, 1). Its extensive operations cover air, naval and land electronic systems, services, and platforms.

E-Learning Master's Degree Program in
Words: 10082 Length: 25 Pages Topic: Teaching Paper #: 28224011

This engagement is reported to be highly valuable to most students as they connect with one another on relevant classroom topics as applied to life contexts. E-learning in the graduate teaching setting has changed the paradigm of student teaching as well. During group discussion instructors have found student to become personally quite open during these dialogues and, more often than not, exceed word count requirements as well as the