EPFL Logo
fr|en
Login
Concept

Information assurance

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses both digital protections and physical techniques. These methods apply to data in transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset of information security (i.e. umbrella term), and as the business outcome of information risk management. Information assurance (IA) is the process of processing, storing, and transmitting the right information to the right people at the right time. IA relates to the business level and strategic risk management of information and related systems, rather than the creation and application of security controls. IA is used to benefit business through the use of information risk management, trust management, resilience, appropriate architecture, system safety, and security, which increases the utility of information to only their authorized users. Besides defending against malicious hackers and code (e.g., viruses), IA practitioners consider corporate governance issues such as privacy, regulatory and standards compliance, auditing, business continuity, and disaster recovery as they relate to information systems. Further, IA is an interdisciplinary field requiring expertise in business, accounting, user experience, fraud examination, forensic science, management science, systems engineering, security engineering, and criminology, in addition to computer science. With the growth of telecommunication networks also comes the dependency on networks, which makes communities increasing vulnerable to cyber attacks that could interrupt, degrade or destroy vital services. Starting from the 1950s the role and use of information assurance has grown and evolved. These feedback loop practices were employed while developing WWMCCS military decision support systems.

Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.
Related courses (1)
COM-301: Computer security and privacy
This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.
Related lectures (7)
Security Testing and Spoofing
Covers security testing techniques, spoofing vulnerabilities, encryption bans, and network security properties.
Decentralized Systems Engineering
Explores the challenges and examples of decentralized systems like BitTorrent and Ethereum.
Network Security: Desired Properties and Solutions
Discusses the importance of network security properties and solutions to enhance overall security.
Show more
Related publications (8)

A review of the security vulnerabilities and countermeasures in the Internet of Things solutions: A bright future for the Blockchain

Jan Van Herle, Hossein Pourrahmani

The current advances in the Internet of Things (IoT) and the solutions being offered by this technology have accounted IoT among the top ten technologies that will transform the global economy by 2030. IoT is a state-of-the-art paradigm that has developed ...
2023

Machine Learning Security in Industry: A Quantitative Survey

Kathrin Grosse

Despite the large body of academic work on machine learning security, little is known about the occurrence of attacks on machine learning systems in the wild. In this paper, we report on a quantitative study with 139 industrial practitioners. We analyze at ...
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC2023

Digital Information Asset Evaluation: A Case Study in Manufacturing

Gianluigi Viscusi

The article discusses a model for information value assessment based on the concepts of information capacity, information utility, and information management costs. Notwithstanding that both state-of-the-art researchers and practitioners consider informati ...
2018
Show more
Related concepts (8)
ISACA
ISACA is an international professional association focused on IT (information technology) governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only. ISACA currently offers 8 certification program as well as other micro-certificates. ISACA originated in United States in 1967, when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations.
Threat (computer)
In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative "intentional" event (i.e. hacking: an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
Asset (computer security)
In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information. Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.
Show more

Copyright © 2025 EPFL, all rights reserved

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.