Tuesday, September 15, 2009

Information Assurance Model
The National Security Telecommunications and Information Systems Security Committee (NSTISSC) has defined IA as:
“Information operations (IO) that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities”.
Information Assurance not only expands the coverage, responsibilities and accountability of security professionals, but also presents information protection as a subset of Information Operations, one that includes both IA defensive measures and proactive offensive activities. When viewed from this perspective, the axiom “Your offense is only as good as your defense” brings a completely new perspective to IA, extending it to measures such as “Active Network Defense”.

According to the author, Information Assurance is now viewed as both multidisciplinary and multidimensional. The strength of this model lies not in redefining the field of IA, but in the multidimensional view it offers for implementing robust IA programs. The model has four dimensions, which describe the measures that protect the system and the information resident in that system.

The four dimensions of this model are:
• Information States
• Security Services
• Security Countermeasures
• Time
Information States:
Information exists in one of three states: stored, processed, or transmitted. It can even co-exist in two different states.
Security Services:
Security services are an integral part of the Information Assurance model. The model includes five security services:
• Availability
• Integrity
• Authentication
• Confidentiality
• Non-Repudiation
Security Countermeasures:
Security countermeasures are the protective activities, accounting for technology, operations and people, required to prevent espionage, sabotage, theft, or unauthorized use of classified or controlled information, systems, or material. Without them, the system becomes vulnerable to attack.
Time:
Time is the fourth dimension of the integrated model. It is not a causal agent of change, but a confounding change agent. For example, the introduction of new technology, over time, requires modifications to the other dimensions of the integrated model in order to restore a system to a secure state of operation. Finally, the human side of the timeline leads to career progression. Individuals involved in IA will become better trained and educated. These learning activities, over time, will enhance a system's security state.
Conclusion:
Finally, the IA model provides a framework that can be understood by a teacher, a student, or an analyst who is dealing with it. It engages students of all backgrounds in individual and group activities that explore areas of Computer Information Assurance with investigative skills appropriate for their grade levels, and it affords them the opportunity to come up with problem solutions largely on their own, with limited reliance on the teacher. The author clearly explains that he can identify a component by where on the countermeasures dimension it falls. He can understand it by determining whether and how it protects information in its various states. He also uses this model to help him think of IA not as static, but as dynamic.

References:
[1] http://grothoff.org/christian/teaching/2007/3704/w2c3.pdf
[2] https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2007-92.pdf
[3] http://en.wikipedia.org/wiki/Information_assurance
