What Is Information Assurance and Security?


There is a clear need for information assurance and security workers. The Bureau of Labor Statistics (BLS) projects that the employment of information security analysts will increase 28 percent by 2026, which is much faster than the average for all occupations.

“Demand for information security analysts is expected to be very high,” the BLS explained. “Cyberattacks have grown in frequency, and analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.”

The 2017 Equifax cybersecurity breach, one of the five biggest data breaches ever in both reach and the kind of information exposed to the public, demonstrates what can happen in a security crisis. As many as 143 million Americans (nearly half the country) had their personal information compromised in the breach, according to CNN. Names, Social Security numbers, birth dates, addresses, driver’s license numbers and credit card numbers were among the types of information exposed in the attack.

These types of attacks can damage customers, as well as organizations’ reputation, profits and assets. To guard against these threats, businesses need to take topics like information assurance and security seriously.

What Is Information Assurance and Security?

Information assurance and security are related but separate concepts. “The terms are inherently linked and share an ultimate goal of preserving the integrity of information,” according to data loss prevention software company Digital Guardian.

Clarifying the Terms

Information assurance is about protecting information assets from destruction, degradation, manipulation and exploitation by an opponent, according to Andrew Blyth and Gerald Kovacich in their book Information Assurance: Surviving in the Information Environment. They offer an additional definition from the United States Department of Defense (from 1996) to help clarify what information assurance means.

“Actions taken that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.”

Information security can be defined as the protection of information against unauthorized disclosure, transfer, modification or destruction, whether accidental or intentional.

Information security can be considered a sub-discipline or component of information assurance. Both concepts deal with intentional and unintentional attacks, but information assurance covers areas not covered by information security such as perception management. This level of information assurance deals with physical and technical measures to maintain an accurate, objective perception of the security state of the system and the information contained in the system.

Application

Information security offers many benefits for businesses, according to Digital Guardian.

  • Maintaining compliance with regulatory standards, preventing costly security events, maintaining the company’s reputation and preserving the trust of customers, suppliers, partners and shareholders.
  • Protection against fines issued by regulatory agencies or lawsuits from other companies and individuals, if the company fails to protect sensitive information and other companies or individuals suffer consequences in a breach.

Because information security is included within information assurance, the above benefits also apply to information assurance. Additional benefits include data integrity, usability, non-repudiation, authenticity, confidentiality, availability and reliable, timely access to information.

Information assurance is broad in nature. This field stresses organizational risk management and overall information quality. It’s a strategic initiative that incorporates a wide range of information protection and management processes. Examples include security audits, network architecture, compliance audits, database management and the development, implementation and enforcement of organizational information management policies.

Information security involves mitigating risks through secure systems and architecture, in an effort to eliminate or reduce vulnerabilities. The BLS listed some of the typical tasks that information security analysts perform.

  • Monitor networks for security breaches and investigate when violations occur.
  • Install software, such as firewalls and data encryption programs, to protect data.
  • Prepare reports to document security breaches and the resulting damage.
  • Conduct penetration testing that simulates attacks to locate system vulnerabilities.
  • Research the latest information technology (IT) security trends.
  • Develop security standards and best practices.
  • Recommend security enhancements to management or senior IT staff.
  • Help computer users when they need to install or learn about new security products and procedures.

Information Assurance and Security in Healthcare

Healthcare is an industry that’s particularly affected by information assurance and security issues.

The BLS noted in the job outlook for information security analysts that “as the healthcare industry expands its use of electronic medical records, ensuring patients’ privacy and protecting personal data are becoming more important. More information security analysts are likely to be needed to create the safeguards that will satisfy patients’ concerns.”

Hackers have found healthcare to be a lucrative target. “From organizations with exposed, unused websites to unencrypted storage drives, health organizations appear to still have much to learn about security,” according to Healthcare IT News. The article listed dozens of sizable healthcare breaches, such as the following examples.

  • The Augusta University Medical Center in Georgia was hit by successful phishing attacks twice within the past year.
  • A cyberattack on Medical Oncology Hematology Consultants in Delaware impacted 19,203 patients, targeting electronic files on the provider’s server and workstation.
  • More than 106,000 patients were notified by Mid-Michigan Physicians Imaging Center of a potential data breach of their personal health information.
  • Pacific Alliance Medical Center in Los Angeles was hit by a ransomware attack involving the health information of 266,123 patients.
  • Patient data for 1.1 million patients enrolled in Indiana’s Health Coverage Program was left open, giving access to name, Medicaid ID number, name and address of doctors treating patients, patient number, procedure codes, dates of service and the amount Medicaid paid doctors or providers.
  • Molina Healthcare, which insures 4.8 million patients in 12 states and Puerto Rico, shut down its client portal in response to a security flaw that exposed patient medical claims data without requiring authentication.
  • Cybercriminal organization TheDarkOverlord hacked the server and back-up drive of Cancer Services of East Central Indiana-Little Red Door. The organization stripped data, encrypted it, asked for a $43,000 ransom and made extortion threats.

Information Assurance and Security Salary

The BLS does not track salary data for information assurance workers.

Information security analysts earn a median annual wage of $92,600. In the top industries, they earn the following median salaries.

  • Finance and insurance: $94,050
  • Computer systems design and related services: $93,490
  • Information: $92,940
  • Administrative and support services: $92,890
  • Management of companies and enterprises: $87,510

Overall, the median annual wage for computer and information technology occupations is $82,860.

Advancing Your Career

Employment in information assurance or security positions typically requires at least a bachelor’s degree. For instance, according to the BLS, information security analysts usually need at least a bachelor’s in computer science, information assurance, programming or a related field.

With an online computer science degree from Concordia University Texas, you can learn the knowledge and skills needed to pursue a rewarding career in information assurance or security, along with other computer-related fields. Learn in a flexible, convenient online environment with a schedule that fits your life.