Information Assurance is the practice of managing information-related risks. More specifically, IA practitioners seek to protect the confidentiality, integrity, and availability of data and their delivery systems. These goals are relevant whether the data are in storage, processing, or transit, and whether threatened by malice or accident. In other words, IA is the process of ensuring that the right people get the right information at the right time.
Information Assurance is closely related to information security and the terms are sometimes used interchangeably. However, IA’s broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics. In addition to defending against malicious hackers and code (e.g., viruses), IA includes other corporate governance issues such as privacy, compliance, audits, business continuity and disaster recovery. Further, while information security draws primarily from computer science, IA is interdisciplinary and draws from multiple fields, including fraud examination, forensic science, military science, management science, systems engineering, security engineering and criminology, in addition to computer science. Therefore, IA is best thought of as a superset of information security. Information Assurance is not just computer security because it includes security issues that do not involve computers.
