Similarity and Dissimilarity between Information Security and Information Assurance

Nathaporn Utakrit
Nattavee Utakrit

Abstract

The advent of the Internet has completely upended the globe and, in just decades, has changed everything about how people communicate, share, and exchange information, all of which depends on establishing and maintaining trust in the sources and on staying secure. Safeguarding and protecting information is therefore necessary. This article presents the concepts of information assurance (IA) and information security (InfoSec) side by side. The paper aims to clarify the meaning, elements, and dimensions of IA and InfoSec and the relationship between the two disciplines. Clarity about the dimensions and purposes of IA and InfoSec is important because this understanding serves as a foundation for defining curricula for IA and InfoSec study programs, the responsibilities of IA and InfoSec practitioners, and corporate strategy and policy. The authors aim to present the measurements of the terms. The proactive and relevant official standards are also introduced in the paper.

Section
Academic Paper
