INFORMATION ASSURANCE & SECURITY
Presented by: Warlaw Tuliao
Information Assurance
- Measures that protect and defend information
and information systems by ensuring their
availability, integrity, confidentiality,
authentication and non-repudiation.
Availability: Timely, reliable access to data and information services for authorized
users.
Integrity: Protection against unauthorized modification or destruction of
information.
Confidentiality: Assurance that information is not disclosed to unauthorized
persons.
Non-repudiation: Assurance that the sender is provided with proof
of data delivery and the recipient is provided with proof of the sender’s identity, so
that neither can later deny having processed the data.
Authentication: Security measures to establish the validity of a transmission,
message or originator.
Information Security is a Subdomain of Information
Assurance
Confidentiality: refers to an organization’s efforts to keep
its data private or secret.
Integrity: ensures that data has not been tampered with
and, therefore, can be trusted.
Availability: ensures that authorized users have timely,
reliable access to resources when they are needed.
Information Protection
- refers to the process of safeguarding information
from unauthorized access, use, disclosure, disruption,
modification, or destruction. It is essential to protect
information to ensure confidentiality, integrity, and
availability of the information.
Cybersecurity
- is the practice of protecting computer systems,
networks, and digital assets from theft, damage,
unauthorized access, and other malicious activities
that could compromise their confidentiality, integrity,
and availability.
Business enabler
- a business enabler is any technology, process, or policy
that enables an organization to achieve its business
objectives while maintaining the security and confidentiality
of its sensitive data and information. Business enablers help
organizations to be more efficient, effective, and
competitive while ensuring that their information assets are
protected.
Cost-effective and cost-beneficial
- refer to approaches to securing an organization's
information assets that balance the need for security
with the cost of implementing security measures.
Both approaches aim to minimize the total cost of
ownership while maximizing the effectiveness of the
security controls implemented.
Robust Approach
- refers to a comprehensive and proactive strategy for
ensuring the security, integrity, and availability of
sensitive data and information. This approach involves
implementing multiple layers of security controls,
regularly testing and validating those controls, and
continuously monitoring for threats and vulnerabilities.
Reassessed Periodically
- refers to the process of reviewing and evaluating an
organization's security controls and practices periodically to
ensure that they remain effective and up-to-date. This process
helps organizations identify new threats and vulnerabilities,
adapt to changes in their operating environment, and ensure
that their security practices align with changing business
needs.
Restricted by Social Obligations
- refers to situations where an individual or organization
is constrained by social norms, values, and expectations
when making decisions about information security.
These social obligations may arise from cultural, ethical,
or legal norms and can impact the way that individuals
and organizations approach information security.
THANK YOU!