Information Assurance - Essay Example

Information Assurance Introduction Information Assurance may be described as information operations that safeguard and preserve data by making sure the accessibility, integrity, authentication, privacy, and non-repudiation. This comprises reinstatement of information systems by integrating defense, detection, and response capacities. Generally, the Information Assurance procedure makes certain that: only approved users have the assured access facility to proper friendly information systems, i.e. accessibility; the data systems are secured from unauthorized alteration i.e. integrity of data; authorized users are confirmed i.e. authentication; the information within the system is secured from unauthorized exposure i.e. privacy; and the data systems give an irrefutable record of proof of user sharing and transactions i.e. non-repudiation. The data system or method which does not have any of these information assurance components is weak to enemy interruption or exploitation and must be considered as not reliable (Cox, et.al. 1999). Usually, security measures are put into practice in large institution as a threat-reactive technique. It responds to the anomalous information, which is measured in relation to what is fixed to be the normal pattern or somebody, hacks the network and it react to the hack. But in an Information Assurance environment, the result of security processes are measured, and the results of those outcome reported so that they can be efficiently dealt with (Loeb, 2001). In this essay the Professional Development in Information Assurance is explained in a personal perspective. Professional Development in Information Assurance Information Assurance includes technologies like hardware/software systems which are intended to carry out desired functions, an engineering aspect that directs the progress of systems, and basic science that coerce both the technology and engineering disciplines. Each has its own disadvantages. The present Information Assurance technologies have some restrictions that lessen their efficacy. Primarily they are all reactive; for instance, vulnerability scanners, I DS, and virus detectors can be effective only on known attacks. But the usual progressive spiral of predator and prey, invaders incessantly develop innovative ways of beating the Information Assurance. For example, appliances can in fact be designated by attackers to impose a DoS on their victims by deceiving them into a response that hinder genuine functions, even though there is no real attack against the system (Kewley, 2001). Secondly, Information Assurance technologies centered on defending the network, rather than on the purpose the network serves. Lastly, the execution of existing I A technology uses the same susceptible computers, software, and networking which it is trying to defend. For example, firewalls and I DS are only computer workstations and are themselves subject to attack. Even as the technology itself is strong, the administration of the system using the technology is often susceptible. At present, I A engineering is simply a prescriptive procedure where a set of steps to follow and matters to consider. The hindrance to a more precise approach to I A engineering is the lack of helpful metrics. Lacking metrics, security necessities could not be quantified; security cannot be planned to requirements or tested to decide whether it adjust to the requirements. Unless a means to carry out these engineering actions, Information Assurance could not be measured as a true engineering discipline. Even though an informal engineering method for Information Assurance subsist, it seems that there is no valid science of I A. Cryptography and formal methods (FMs) may be considered as two areas of exact scientific attempt that are commonly established as pertinent to I A. Information Assurance technologies that depend on cryptographic algorithms as their basis can give quantitative, verifiable security against cryptographic attacks. But there are several attacks on system that environs the cryptographic algorithm, and at present no scientific principles can predict whether the key can be stolen through a network attack or the cryptographic algorithm can be avoided in total as of OS insecurity. Cryptography and FMs have little to offer in terms of real networks. For the success of state-of-the-art technology and to provide I A engineering a quantitative base, the basic scientific principles impacting Information Assurance must be resolved. Lee and Gregg, (2005) foresee an opportunity in which the customers can boldly influence the progressive commercial I T to develop nationwide security systems that are equivalent or greater to the potential opponent can put forth. This assurance must be based on scientific and engineering principles for Information Assurance. Future Information Assurance plan will not begin under benign environment. In its place, it will start by creating a network that will function under the antagonistic atmosphere that is likely to be set up. APL has already revealed that by adjusting parameters, networks can be intended to be resistant to certain category of attacks. For instance, controlling queue sizes and data refresh rates can also reduce the efficiency of entire classes of attack. Once accessibility of connectivity is necessary, network plan with several, superfluous paths for communication create a DoS attack less feasible. Information assurance engineering is going to start with specific operational requirements, rather than network-oriented parameters. APL predicts assurance requirements that are understood in mission-oriented conditions that are instantly helpful in deciding a system’s strength for use. For instance, think of the Global Information G rid (GIG) backbone, which has one vital function: to deliver packets from one edge network to another. In APL’s dream for I A, science will supply the basic theory that can be made use to build up both I A technologies with strong impact and engineering tools with exact prognostic control. This assumption will enlighten the properties of guaranteed systems and the basic restrictions of assurance for real systems (Lee and Gregg, 2005) Conclusion The significance of Information Assurance to consumers and the complexity of I A challenges are the main issues faced by the Information Assurance researchers. In this essay the Information Assurance available today and vision for I A in the future is discussed in relation to technology, engineering and science. Since the Information Assurance available today is inadequate further research and development is needed in this field to make critical contributions to the critical security challenges faced by the customers in Information Assurance. References Cox, CDRS. et.al. (1999). Information Assurance – the Achilles’ Heel of Joint Vision 2010? Air & Space Power Chronicles Retrieved on 17 February 2008 from: http://www.iwar.org.uk/rma/resources/airchronicles/ashley.htm Lee, S.C. and Gregg, D.M. (2005) From Art to Science: A Vision for the Future of Information Assurance. Johns Hopkins APL Technical Digest, Volume 26, Number 4 Retrieved on 9 February 2008 from: http://www.jhuapl.edu/techdigest/td2604/Lee.pdf Loeb, L. (2001) Information assurance powwow Conference at West Point focuses on the challenges of IA. IBM developerWorks. Retrieved on 17 February 2008 from: http://www-128.ibm.com/developerworks/library/s-confnotes/ Kewley, D. L., and Lowry, J., “Observations on the Effects of Defense in Depth on Adversary Behavior in Cyber Warfare,” in Proc. 2001 IEEE Workshop on Information Assurance and Security, U .S. Military Academy, West P oint, N Y (5–6 Jun 2001). Retrieved on 9 February 2008 from: http://www.jhuapl.edu/techdigest/td2604/Lee.pdf Read More