2.2.1 Information assurance
According to Jacobson (2011), Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These goals are relevant whether the information is in storage, processing, or transit, and whether threatened by malice or accident. In other words, IA is the process of ensuring that authorized users have access to authorized information at the authorized time while Schou (2007) states that in information assurance due care is characterized by a careful attention to detail in the process of designing, assessing, updating and monitoring data and systems. He further states that it has control implications as well. He also states that the assumption is that an ethical organization will always exercise due care in the enforcement of confidentiality and integrity requirements. Schou (2007) further stated that information assurance has a life cycle. He stated that …show more content…
These are necessary because information is intangible. Therefore has to be an initial stage to identify and label the inrormation that the organization owns and recognize what threatens it. The first chapter presents a process to ensure that all items of value to the organization are identified and accounted for. Without this process, the organizationwould not know what to secure. Once each information asset is identified and catalogued, a risk assessment is carriedout to define the specific things that might harm each item. Specific knowledge of the risks is a precondition to establishing a correct response. This involves: Undrestanding the form of the asset and also assessing risks (Schou,