Misplaced Pages

#566433

52-491: Information assurance (IA) is the process of processing, storing, and transmitting the right information to the right people at the right time. IA relates to the business level and strategic risk management of information and related systems, rather than the creation and application of security controls. IA is used to benefit business through the use of information risk management , trust management , resilience, appropriate architecture, system safety, and security, which increases

104-423: A business is going to compete, what its goals should be, and what policies will be needed to carry out those goals" and the "...combination of the ends (goals) for which the firm is striving and the means (policies) by which it is seeking to get there." Henry Mintzberg described five definitions of strategy in 1998: Complexity theorists define strategy as the unfolding of the internal and external aspects of

156-636: A conceptual framework capable of harmonizing emergent and deliberate strategies. Within complexity approaches, the term "strategy" is intricately linked to action but contrasts programmed action. Complexity theorists view programs merely as predetermined sequences effective in highly ordered and less chaotic environments. Conversely, strategy emerges from a simultaneous examination of determined conditions (order) and uncertainties (disorder) that drive action. Complexity theory posits that strategy involves execution, encompasses control and emergence, scrutinizes both internal and external organizational aspects, and can take

208-635: A doctrine that will ensure long-term success if followed faithfully." Subordinating the political point of view to the military would be absurd, for it is policy that has created war...Policy is the guiding intelligence, and war only the instrument, not vice-versa. In military theory, strategy is "the utilization during both peace and war, of all of the nation's forces, through large scale, long-range planning and development, to ensure security and victory" ( Random House Dictionary ). The father of Western modern strategic study , Carl von Clausewitz , defined military strategy as "the employment of battles to gain

260-706: A number of international and national bodies that issue standards on information assurance practices, policies, and procedures. In the UK, these include the Information Assurance Advisory Council and the Information Assurance Collaboration Group . Strategy Strategy (from Greek στρατηγία stratēgia , "art of troop leader; office of general, command, generalship" ) is a general plan to achieve one or more long-term or overall goals under conditions of uncertainty . In

312-563: A reliance on information assurance to protect intellectual property, protect against potential data leakage, and protect users against themselves. While the use of information assurance is good ensuring certain pillars like, confidentiality, non-repudiation, etc. because of their conflicting nature an increase in security often comes at the expense of speed. Using information assurance in the business model improves reliable management decision-making, customer trust, business continuity and good governance in both public and private sectors. There are

364-605: A set of attraction basins establishing operational and regenerative capabilities. Hence, one of the primary roles of strategists is to identify "human attractors" and assess their impacts on organizational dynamics. According to the theory of Symbiotic Dynamics, both leaders and the technical system can act as attractors, directly influencing organizational dynamics and responses to external disruptions. Terra and Passador further assert that while producing, organizations contribute to environmental entropy, potentially leading to abrupt ruptures and collapses within their subsystems, even within

416-526: A standards organization, such as NIST RMF, Risk IT , CobiT , PCI DSS or ISO/IEC 27002 , may guide development. Countermeasures may include technical tools such as firewalls and anti-virus software , policies and procedures requiring such controls as regular backups and configuration hardening, employee training in security awareness, or organizing personnel into dedicated computer emergency response team (CERT) or computer security incident response team ( CSIRT ). The cost and benefit of each countermeasure

468-555: A strategic problem. The first is related to environmental factors, and the second focuses on the organizational context (Mukherji and Hurtado, 2001). These two sources summarize three dimensions originally proposed by Ansoff and Hayes (1981). According to them, a strategic problem arises from analysis of internal and external issues, the processes to solve them, and the variables involved. In Terra and Passador's conceptualization, organizations and their surrounding systems are closely linked, so their survival depends on each other. Therefore,

520-479: A strategy should combine proactive and reactive approaches, which means recognizing the organization’s impact on the environment and acting to minimize harm while adapting to new demands. The strategy should also align internal and external aspects of the organization and include all related entities. This helps build a complex socio-economic system where the organization is part of a sustainable ecosystem. Complexity science, as articulated by R. D. Stacey, represents

572-455: A transmission, originator, or process within an information system. Authentication provides the recipient confidence in the data senders validity as well as the validity of their message. There exists many ways to bolster authentication, mainly breaking down into three main ways, personally identifiable information such as a person's name, address telephone number, access to a key token , or known information, like passwords. Integrity refers to

SECTION 10

#1732855995567

624-440: A type of problem solving in 2011. He wrote that good strategy has an underlying structure he called a kernel . The kernel has three parts: 1) A diagnosis that defines or explains the nature of the challenge; 2) A guiding policy for dealing with the challenge; and 3) Coherent actions designed to carry out the guiding policy. President Kennedy illustrated these three elements of strategy in his Cuban Missile Crisis Address to

676-399: A view consistent with the definition of strategy by Porter and Mintzberg. In contrast, Burnett regards strategy as a plan formulated through methodology in which strategic problem encompasses six tasks: goal formulation, environmental analysis, strategy formulation, strategy evaluation, strategy implementation, and strategy control. The literature identifies two main sources for defining

728-507: Is a government's plan to use the instruments of national power to neutralize terrorists, their organizations, and their networks in order to render them incapable of using violence to instill fear and to coerce the government or its citizens to react in accordance with the terrorists' goals. The United States has had several such strategies in the past, including the United States National Strategy for Counterterrorism (2018);

780-488: Is an older concept than conditional probability . Instead of determining the objective probability, only a subjective assessment is defined. Especially for novices in the field, the chance for confusion is high. They are highly likely to confound the concept of probability with the concept of degree of truth. To overcome the misconception, it makes sense to see probability theory as the preferred paradigm to handle uncertainty. In adjudicative processes , 'substantive truth'

832-745: Is carefully considered. Thus, the IA practitioner does not seek to eliminate all risks; but, to manage them in the most cost-effective way. After the risk management plan is implemented, it is tested and evaluated, often by means of formal audits. The IA process is an iterative one, in that the risk assessment and risk management plan are meant to be periodically revised and improved based on data gathered about their completeness and effectiveness. There are two meta-techniques with information assurance: audit and risk assessment. Business Risk Management breaks down into three main processes Risk Assessment, Risk Mitigation and Evaluation and assessment. Information Assurance

884-487: Is often ensured with the use of cryptography and steganography of data. Confidentiality can be seen within the classification and information superiority with international operations such as NATO Information assurance confidentiality in the United States need to follow HIPAA and healthcare provider security policy information labeling and need-to-know regulations to ensure nondisclosure of information. Nonrepudiation

936-637: Is one of the methodologies which organizations use to implement business risk management. Through the use of information assurance policies like the "BRICK" frame work. Additionally, Business Risk Management also occurs to comply with federal and international laws regarding the release and security of information such as HIPAA . Information assurance can be aligned with corporates strategies through training and awareness, senior management involvement and support, and intra-organizational communication allowing for greater internal control and business risk management. Many security executives in are firms are moving to

988-416: Is the integrity of the data to be true to its origin, which prevents possible denial that an action occurred. Increasing non-repudiation makes it more difficult to deny that the information comes from a certain source. In other words, it making it so that you can not dispute the source/ authenticity of data. Non-repudiation involves the reduction to data integrity while that data is in transit, usually through

1040-405: Is through the use of redundant chip and software designs. A failure of authentication could pose a risk to information integrity as it would allow an unauthorized party to alter content. For example, if a hospital has inadequate password policies, an unauthorized user could gain access to an information systems governing the delivery of medication to patients and risk altering the treatment course to

1092-614: The three generations of information technologies, the first used to prevent intrusions, the 2nd to detect intrusion and the 3rd for survivability. Information assurance is a collaborative effort of all sectors of life to allow a free and equal exchange of ideas. Information assurance is built between five pillars: availability , integrity , authentication , confidentiality and nonrepudiation . These pillars are taken into account to protect systems while still allowing them to efficiently provide services; However, these pillars do not act independently from one another, rather they interfere with

SECTION 20

#1732855995567

1144-411: The "art of creating power." Eastern military philosophy dates back much further, with examples such as The Art of War by Sun Tzu dated around 500 B.C. Because counterterrorism involves the synchronized efforts of numerous competing bureaucratic entities, national governments frequently create overarching counterterrorism strategies at the national level. A national counterterrorism strategy

1196-550: The Nation of 22 October 1962: Rumelt wrote in 2011 that three important aspects of strategy include "premeditation, the anticipation of others' behavior, and the purposeful design of coordinated actions." He described strategy as solving a design problem, with trade-offs among various elements that must be arranged, adjusted and coordinated, rather than a plan or choice. Strategy typically involves two major processes: formulation and implementation . Formulation involves analyzing

1248-640: The Obama-era National Strategy for Counterterrorism (2011); and the National Strategy for Combatting Terrorism (2003). There have also been a number of ancillary or supporting plans, such as the 2014 Strategy to Counter the Islamic State of Iraq and the Levant , and the 2016 Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States . Similarly,

1300-471: The United Kingdom's counterterrorism strategy, CONTEST , seeks "to reduce the risk to the UK and its citizens and interests overseas from terrorism, so that people can go about their lives freely and with confidence." The essence of formulating competitive strategy is relating a company to its environment. Modern business strategy emerged as a field of study and practice in the 1960s; prior to that time,

1352-547: The actions of other players. Degrees of truth In classical logic , propositions are typically unambiguously considered as being true or false. For instance, the proposition one is both equal and not equal to itself is regarded as simply false, being contrary to the Law of Noncontradiction ; while the proposition one is equal to one is regarded as simply true, by the Law of Identity . However, some mathematicians, computer scientists, and philosophers have been attracted to

1404-452: The asset's stakeholders. The sum of the products of the threats' impact and the probability of their occurring is the total risk to the information asset. With the risk assessment complete, the IA practitioner then develops a risk management plan . This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response to threats. A framework published by

1456-426: The basic requirements for strategy development include, among other factors: 1) extensive knowledge about the environment, market and competitors; 2) ability to examine this knowledge as an interactive dynamic system; and 3) the imagination and logic to choose between specific alternatives. Henderson wrote that strategy was valuable because of: "finite resources, uncertainty about an adversary's capability and intentions;

1508-537: The beginning information assurance involved just the backing up of data. However once the volume of information increased, the act of information assurance began to become automated, reducing the use of operator intervention, allowing for the creation of instant backups. The last main development of information assurance is implementing distributed systems for the processing and storage of data through techniques like SANs and NAS plus using cloud computing . These three main developments of information assurance parallel

1560-439: The demands arising from these interactions. To achieve this, organizations need to incorporate all interconnected systems into their decision-making processes, enabling the envisioning of complex socio-economic systems where they integrate in a stable and sustainable manner. This blend of proactivity and reactivity is fundamental to ensure the survival of the organization itself. Professor Richard P. Rumelt described strategy as

1612-470: The detriment of a particular patient. The pillar of availability refers to the preservation of data to be retrieved or modified from authorized individuals. Higher availability is preserved through an increase in storage system or channel reliability. Breaches in information availability can result from power outages, hardware failures, DDOS , etc. The goal of high availability is to preserve access to information. Availability of information can be bolstered by

Information assurance - Misplaced Pages Continue

1664-446: The end of war." B. H. Liddell Hart 's definition put less emphasis on battles, defining strategy as "the art of distributing and applying military means to fulfill the ends of policy". Hence, both gave the pre-eminence to political aims over military goals. U.S. Naval War College instructor Andrew Wilson defined strategy as the "process by which political purpose is translated into military action." Lawrence Freedman defined strategy as

1716-444: The enumeration and classification of the information assets to be protected. Next, the IA practitioner will perform a risk assessment for those assets. Vulnerabilities in the information assets are determined in order to enumerate the threats capable of exploiting the assets. The assessment then considers both the probability and impact of a threat exploiting a vulnerability in an asset, with impact usually measured in terms of cost to

1768-413: The environment or situation, making a diagnosis, and developing guiding policies. It includes such activities as strategic planning and strategic thinking . Implementation refers to the action plans taken to achieve the goals established by the guiding policy. Bruce Henderson wrote in 1981 that: "Strategy depends upon the ability to foresee future consequences of present initiatives." He wrote that

1820-409: The essence of strategy as the activities to deliver a unique mix of value – choosing to perform activities differently or to perform different activities than rivals. while Max McKeown (2011) argues that "strategy is about shaping the future " and is the human attempt to get to "desirable ends with available means". Vladimir Kvint defines strategy as "a system of finding, formulating, and developing

1872-671: The form of maneuvers or any other act or process. The works of Stacey stand as pioneering efforts in applying complexity principles to the field of strategy. This author applied self-organization and chaos principles to describe strategy, organizational change dynamics, and learning. Their propositions advocate for strategy approached through choices and the evolutionary process of competitive selection. In this context, corrections of anomalies occur through actions involving negative feedback, while innovation and continuous change stem from actions guided by positive feedback. Dynamically, complexity in strategic management can be elucidated through

1924-405: The goal of the other pillars. These pillars of information assurance have slowly changed to become referred to as the pillars of Cyber Security. As an administrator it is important to emphasize the pillars that you want in order to achieve your desired result for their information system, balancing the aspects of service, and privacy . Authentication refers to the verification of the validity of

1976-399: The growth of telecommunication networks also comes the dependency on networks, which makes communities increasing vulnerable to cyber attacks that could interrupt, degrade or destroy vital services. Starting from the 1950s the role and use of information assurance has grown and evolved. These feedback loop practices were employed while developing WWMCCS military decision support systems. In

2028-427: The idea that a proposition might be more or less true, rather than wholly true or wholly false. Consider My coffee is hot . In mathematics , this idea can be developed in terms of fuzzy logic . In computer science , it has found application in artificial intelligence . In philosophy , the idea has proved particularly appealing in the case of vagueness . Degrees of truth is an important concept in law. The term

2080-403: The irreversible commitment of resources; necessity of coordinating action over time and distance; uncertainty about control of the initiative; and the nature of adversaries' mutual perceptions of each other." In game theory , a player 's strategy is any of the options that the player would choose in a specific setting. Any optimal outcomes they receive depend not only on their actions but also,

2132-408: The means (resources). Strategy can be intended or can emerge as a pattern of activity as the organization adapts to its environment or competes. It involves activities such as strategic planning and strategic thinking . Henry Mintzberg from McGill University defined strategy as a pattern in a stream of decisions to contrast with a view of strategy as planning, while Henrik von Scheel defines

Information assurance - Misplaced Pages Continue

2184-429: The model of "Symbiotic Dynamics" by Terra and Passador. This model conceives the social organization of production as an interplay between two distinct systems existing in a symbiotic relationship while interconnected with the external environment. The organization's social network acts as a self-referential entity controlling the organization's life, while its technical structure resembles a purposeful "machine" supplying

2236-429: The organization that results in actions in a socio-economic context. Crouch in 1998 defined the strategic problem as maintaining of flexible relationships that range from intense competition to harmonious cooperation among different players in a changing market. Despite being open to the idea of cooperation between players, this approach still considers that strategy is determined by market and organizational structure,

2288-444: The organizations themselves. Given this issue, the authors conclude that organizations intervening to maintain the environment's stability within suitable parameters for survival tend to exhibit greater longevity. The theory of Symbiotic Dynamics posits that organizations must acknowledge their impact on the external environment (markets, society, and the environment) and act systematically to reduce their degradation while adapting to

2340-399: The protection of information from unauthorized alteration. The goal of information integrity is to ensure data is accurate throughout its entire lifespan. User authentication is a critical enabler for information integrity. Information integrity is a function of the number of degrees-of-trust existing between the ends of an information exchange . One way information integrity risk is mitigated

2392-491: The sense of the " art of the general", which included several subsets of skills including military tactics , siegecraft , logistics etc., the term came into use in the 6th century C.E. in Eastern Roman terminology, and was translated into Western vernacular languages only in the 18th century. From then until the 20th century, the word "strategy" came to denote "a comprehensive way to try to pursue political ends, including

2444-401: The social system by processing resources. These intertwined structures exchange disturbances and residues while interacting with the external world through their openness. Essentially, as the organization produces itself, it also hetero-produces, surviving through energy and resource flows across its subsystems. This dynamic has strategic implications, governing organizational dynamics through

2496-428: The threat or actual use of force, in a dialectic of wills" in a military conflict , in which both adversaries interact. Strategy is important because the resources available to achieve goals are usually limited. Strategy generally involves setting goals and priorities, determining actions to achieve the goals, and mobilizing resources to execute the actions. A strategy describes how the ends (goals) will be achieved by

2548-417: The use of backup power , spare data channels , off site capabilities and continuous signal . Confidentiality is in essence the opposite of Integrity. Confidentiality is a security measure which protects against who is able to access the data, which is done by shielding who has access to the information. This is different from Integrity as integrity is shielding who can change the information. Confidentiality

2600-473: The use of a man-in-the-middle attack or phishing . As stated earlier the pillars do not interact independently of one another, with some pillars impeding on the functioning of other pillars or in the opposite case where they boost other pillars. For example, the increasing the availability of information works directly against the goals of three other pillars: integrity, authentication and confidentiality. The information assurance process typically begins with

2652-623: The utility of information to only their authorized users. Besides defending against malicious hackers and code (e.g., viruses ), IA practitioners consider corporate governance issues such as privacy , regulatory and standards compliance , auditing , business continuity , and disaster recovery as they relate to information systems. Further, IA is an interdisciplinary field requiring expertise in business , accounting , user experience, fraud examination, forensic science , management science , systems engineering , security engineering , and criminology , in addition to computer science. With

SECTION 50

#1732855995567

2704-408: The words "strategy" and "competition" rarely appeared in the most prominent management literature. Alfred Chandler wrote in 1962 that: "Strategy is the determination of the basic long-term goals of an enterprise , and the adoption of courses of action and the allocation of resources necessary for carrying out these goals." Michael Porter defined strategy in 1980 as the "...broad formula for how

#566433