Information Assurance
Information Assurance (IA) is the practice of assuring information quality and managing risks related to the use, processing, storage, and transmission of information.
The 5 pillars of information assurance are the protection of the Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation of information.
In IT systems, assets should, when possible, be tagged/labeled with the proper Information Assurance level.
Confidentiality
The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Confidentiality Levels
Also called data classification levels. Data can be categorized depending on its disclosure risk and value.
For example, the GDPR uses four data classification levels:
- Public
Freely available and does not require any special security measures.
- Internal
To be kept inside the company.
- Confidential
Only for explicitly authorized people.
- Restricted
Not to be shared, or requiring special treatment when shared.
Integrity
Maintaining and assuring the accuracy and completeness of data over its entire lifecycle.
Availability
Ensuring that the information is accessible to authorized users and systems when needed.
Authenticity
Ensuring that the information comes from the source it’s supposed to come from.
Non-repudiation
Ensuring that a party cannot deny having sent or received the information.