Information Assurance

Read Complete Research Material

INFORMATION ASSURANCE

Information Assurance

Abstract

In this global world enterprises and government agencies and even personal users have migrated to extremely network computing systems, with almost all significant functions dependent on computing resources. This evolution has brought about superior productivity, but at the same time has created noticeably elevated exposure to electronic attacks. Alarm over information assurance has never been higher, and the assortment of acknowledged threats is growing: unhappy insiders, viruses/ worms, corporate surveillance, script kiddies, cyber-terrorism, and information warfare in conflicts of the future. Information assurance issues have not only emerged in the civilian sector but also in the military sector therefore protecting our information systems and networks requires a multi-faceted approach that includes policy, procedures, trained personnel, as well as well engineered technical capabilities.

Information Assurance

The Information system has unleashed countless opportunities for Industrial growth, activity, new applications, laborsaving accomplishments, improving the quality of decisions and many others. At the same time, Information technology has spawned a whole new field of crime and generated a series of problems for both designers and users of information systems. One of the problems is the crime from misusing of information system. In the meanwhile, robust economic growth carries with it the potential for corruption. Evidence that this potential has become reality for many businesses can be found in a 2004 survey by the Computer Security Institute, which showed that 56% of businesses reported some form of unauthorized use of their information system. The same technology that is driving greater productivity is also facilitating large-scale financial fraud. The increasing number of technologically skilled individuals accessing a company's computer system increases the system's vulnerability to attack from within and without(Schneier, 2000).

It is obvious that the IS is now and always will be inexorably linked to our lives, and we have no choice but to accept this technology and learn how to harness its total potential. With any progressing technology, an unauthorized application can almost be found for it. A computer could and has been used for theft and fraud - for example, as a database and manager of illegal activities such as drug trafficking and pornography. (Goodman, Ramer, 2007)

There are two types of attacks involved in release of message contents and traffic analysis.

A release of message contents is easily understood . A telephone conversation, an electronic mail message, a transferred file may contain sensitive or confidential information.We would like to prevent the opponent from learning the contents of these transmissions.

        The second passive attack, traffic analysis is more subtle. Suppose that we had a way of masking the contents of messages or other information traffic so that opponent, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be use full in guessing the nature of ...
Related Ads