Information assurance (information protection) refers to the practice of defending and protecting information from manipulation, destruction, or theft by guaranteeing its nonrepudiation, availability, confidentiality, authentication, and integrity. These five properties are the pillars of information assurance in user data protection and defense. Integrity involves ensuring that no one interferes with the information system. Availability guarantees that information is accessible to the intended users, who are permitted to have prompt and dependable access to the information system. Authentication involves guaranteeing that users are who they claim they are. Confidentiality guarantees that information remains private. Nonrepudiation guarantees that the data sender is offered delivery proof from the recipient (Sadiku et al., 2017).
Information assurance developed from the practice of information security. It plays an essential role in the networked infrastructure of e-Government, e-commerce, and e-business. Information assurance is also an interdisciplinary field that needs expertise in law, criminology, computer science, forensic science, systems engineering, information security, and risk management. It plays an essential role in the information infrastructure that supports national security, commerce, health care, telecommunications, and banking. According to Sadiku et al. (2017), information assurance is more inclusive than information security, as it involves not just detection and protection but also the dependability and survivability of information systems that have experienced successful attacks in the past. Information assurance entails all of the technologies and individuals used to guarantee that the base pillars are satisfied across the information system lifecycle. The five pillars are interdependent, such that interaction among them can cause problems. For instance, availability conflicts with three of the remaining four pillars: authentication, integrity, and confidentiality (Sadiku et al., 2017).
Information security management systems (ISMS) are part of the general management system, founded on a business risk approach to monitor, establish, review, implement, maintain, operate, and enhance information security. The ISMS’s main principle is that information pertinent to information assurance should be placed under one roof in an organization. It ensures that an organization has a good security system that is well documented, guided by policies, and easy to practice to guarantee information assurance (Alexander et al., 2020). Information security is wider than information assurance, as it looks at all aspects of system security, information assurance included. It ensures the entire information system is secure from the initial part of an operation to the last. Information assurance is somewhat confined within information security management, as information security management centers on safeguarding information systems and information from unauthorized modification, access, destruction, use, disruption, or disclosure in order to offer availability, integrity, and confidentiality. Information assurance offers controls, which are activities adopted to control identified risks in the information system. These controls can include risk avoidance, risk reduction, risk transfer, and risk acceptance. The form of control adopted depends on the situation at hand (Alexander et al., 2020).
Information security management focuses on ensuring the effective operation of information systems to promote information assurance. It can thus be regarded as an enabler of information assurance. It ensures the information in an organization is as easily and freely available as is necessary, practical, and possible. It applies an assurance rule to control information security, among other security measures, in promoting general information system security. It ensures control of data at different levels based on the degree of authorization, and it ensures that all security measures, including system audits, are embraced so that the system is free from all forms of attacks. This means that, other than ensuring information assurance, it ensures all information security measures have been upheld. It can therefore be concluded that information assurance is a subset of information security management (Alexander et al., 2020).
The two papers center more on information assurance. The most relevant information is that information assurance is a subset of information security management, and it is critical in making reliable information security management decisions. An effective information assurance approach needs a continuous assessment of changing cyber threats and the application of international standards in monitoring security systems and managing risks. Information assurance has been associated with five pillars: authentication, availability, confidentiality, integrity, and nonrepudiation of systems and information. These measures might also provide for information system restoration by including reaction, detection, and protection abilities. Information security centers on ensuring the information system and information are protected to guarantee information assurance. The system must be safeguarded from disruption, unauthorized access, misuse, destruction, unauthorized modification, and unauthorized disclosure to be able to offer availability, integrity, and confidentiality (Sadiku et al., 2017).
To attain this, information management systems must ensure the implementation of authorized international and national security standards. These standards normally center on ensuring information assurance (Alexander et al., 2020). However, they should be implemented through information system management. This is one factor that makes information assurance a subset of information security management. Information security management helps in ensuring effective system operations. By embracing effective information security management, an organization gets a guarantee that its system will be managed and developed in a manner that allows it to achieve information assurance.