Information Assurance: Security in the Information Environment (Computer Communications and Networks) : 9781846282669

This updated edition was written to help IT managers and assets protection professionals to assure the protection and availability of vital digital information and related information systems assets, and contains major updates and 3 new chapters. Bridging the gap between information security, information systems security and information warfare, it re-examines why organisations need to take information assurance seriously, and discusses the business, legal, and technical knowledge needed to secure these vital government and business assets. Key topics include: The role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; International standards, policies and security acts. "A refreshingly clear & wide-ranging view of Information Assurance...this book not only explains what the problems are, it also gives you clear information on how to address the issues that have been raised." (Dr. Andy Jones, Research Group Leader, BT Group Chief Technology Office UK)

When you first hear the term information assurance you tend to conjure up an image of a balanced set of reasonable measures that have been taken to protect the information after an assessment has been made of risks that are posed to it. In truth, this is the Holy Grail that all organisations that value their information should strive to achieve, but which few even understand.

Information assurance is a term that has recently come into common use. When talking with old timers in IT (or at least those that are over 35-year old), you will hear them talking about information security, a term that has survived since the birth of the computer. In the recent past, the term information warfare was coined to describe the measures that need to be taken to defend and attack information. This term, however, has military connotations – after all, warfare is normally their domain. Shortly after the term came into regular use, it was applied to a variety of situations encapsulated by Winn Schwartau as the following three classes of information warfare:

Class 1: Personal information warfare
Class 2: Corporate information warfare
Class 3: Global information warfare

Political sensitivities lead to “warfare” being replaced by the “operations”, a much more “politically correct” word. Unfortunately, “operations” also has an offensive connotation and is still the terminology of the military and governments. A term was needed that described the measures needed to safeguard the most precious asset in this modern, connected world – information. The measures are much more than just security, encompassing the concepts of risk assessment, management and the protection of your information from compromise, theft, modification and lack of availability.