Information Assurance


Information Assurance (IA) refers to the steps involved in protecting information systems, such as computer systems and networks. Five terms are commonly associated with the definition of information assurance:

  • Integrity

Integrity ensures that information and associated systems can only be accessed or modified by those authorized to do so.

  • Availability

Availability ensures information is ready for use by those who are allowed to access it and at a required level of performance.

  • Authentication

Authentication ensures that users are who they say they are, using methods such as individual user names, passwords, biometrics, digital certificates and security tokens.

  • Confidentiality

Confidentiality limits access or places restrictions on information such as personally identifiable information (PII) or classified corporate data.

  • Non-repudiation

Non-repudiation ensures that someone cannot deny an action, such as the receipt of a message or the authenticity of a statement or contract, because the system provides proof of the action.

IA is a field in and of itself. It can be thought of as a specialty of Information Technology (IT), because an IA specialist must have a thorough understanding of IT and how information systems work and are interconnected. With all of the threats that are now common in the IT world, such as viruses, worms, phishing attacks, social engineering, identity theft and more, a focus on protection against these threats is required. IA is that focus.