Similarity and Dissimilarity between Information Security and Information Assurance
Authors
Nathaporn Utakrit, KMUTNB
Nattavee Utakrit, KMUTNB
The advent of the Internet has upended the globe and, in just decades, has changed everything about how people communicate, share, and exchange information by establishing and maintaining trust in their sources and staying secure. Safeguarding and protecting information is necessary. This article presents an understanding of the concepts of information assurance (IA) versus information security (InfoSec). The paper aims to clarify the meaning, elements, and dimensions of IA and InfoSec and the relationship between the disciplines. Clarity about the dimensions and purposes of IA and InfoSec is important because this understanding serves as a foundation for defining curricula for IA and InfoSec study programs, the responsibilities of IA and InfoSec practitioners, and corporate strategy and policy. The authors aim to present the measurements of the terms. Proactive and relevant official standards are also introduced in the paper.
InfoSec contains all the elements in IA. In other words, the elements of InfoSec all reside within IA. Today, the distinct differences between IA and InfoSec highlight the idea that the two fields deserve to be learned as independent subjects: IA is a manageable business approach that does not involve humans directly, and InfoSec is a practical approach that could apply to everybody who is unaware or at risk. IA focuses on the big business picture and seeks to know how a company uses information, how valuable it is to the company, and how exposed that information happens to be. InfoSec uses existing operating systems, applications, file systems, and hardware platforms to house and secure information at rest and in transit, or creates new systems or new ways of combining existing ones, and carries out what the IA professional crafted and budgeted to protect the organization's assets. That is why InfoSec is heard of more often than IA. However, working in both fields should not require complete separation. IA and InfoSec should be applied in parallel, and appropriately, within the organization's context, whether the organization is small, medium, or large. This depends on the job description and the responsibility to systematically secure individual information and corporate information as a whole from unwanted risks.
Full paper: https://ph01.tci-thaijo.org/index.php/IT_Journal/article/view/247231