Information Assurance vs Cyber Security

Individuals exploring Information Technology related roles often seek clarity on the difference between information assurance and cyber security. Although the names are often used interchangeably outside of the IT field, the two professions are different.

Information Assurance and Cybersecurity are among several techniques and methodologies used to help protect confidential information. We'll be diving deep into the difference between the two areas.

What is Information Assurance?

Information Assurance is a process adopted by organizations to secure and protect information systems and confidential information. It is closely tied to risk management, through which an organization can assess the information security risk posture of its environment. An organization can adopt information assurance techniques by identifying its information assets and the applications that store and process data, and by estimating the vulnerability of those information systems to cyberattack in the form of disclosure (a loss of confidentiality), alteration (a loss of integrity), or interference (a loss of availability). It then quantifies the effect of those unwanted incidents.

Based on the outcome of the exercise, a risk assessment can guide an organization on the steps to take to gather financial resources and hire personnel to protect its information assets. Information assurance techniques such as compliance assessment and auditing frameworks are often used to help an organization measure the success of the security controls it has deployed to mitigate the identified risks.

Figure 1

The Five Attributes of IA

  1. Confidentiality

  2. Integrity

  3. Availability

  4. Authentication

  5. Nonrepudiation

Confidentiality: Assurance that information is not disclosed to unauthorized individuals, processes, or devices.

Integrity: No unauthorized modification or destruction of information.

Availability: Reliable access to data and information services for authorized users.

Non-repudiation: Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.

Authentication: Designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.

What is Cyber Security?

Although the phrase cyber security may be popular with those outside the information security world, it is not as expansive and is a subset of information assurance. Cybersecurity mainly focuses on the protection of information technology systems and networks connected to the Internet. Cybercrime damages are projected to surpass a staggering $6 trillion by 2021. This is why financial institutions, technology organizations, medical institutions and government agencies are investing in cybersecurity infrastructure to protect their organizations' practices and customers' data against cyber-attacks.

A strong cyber security infrastructure includes multiple layers of protection implemented across all aspects of an organization's information technology assets, such as firewalls, antivirus software, anti-spyware software and password management tools, to deter adversary attacks.

Figure 2

In summary, the difference between Information Assurance and Cyber Security is listed below:
