| 翻訳と辞書 |
| Information assurance : ウィキペディア英語版 |
Information assurance
Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. It uses physical, technical and administrative controls to accomplish these tasks. While focused predominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical form. These protections apply to data in transit, both physical and electronic forms as well as data at rest in various types of physical and electronic storage facilities.
Information assurance as a field has grown from the practice of information security.
==Overview==
Information Assurance (IA) is the process of getting the right information, to the right people, at the right time. IA adds business benefit through the use of Information Risk Management, Trust Management, Resilience, appropriate Architecture, system safety and security, which increases the utility of information to authorized users, and reduces the utility of information to those unauthorized. It is strongly related to the field of information security, and also with business continuity. IA relates more to the business level and strategic risk management of information and related systems, rather than the creation and application of security controls. Therefore, in addition to defending against malicious hackers and code (e.g., viruses), IA practitioners consider corporate governance issues such as privacy, regulatory and standards compliance, auditing, business continuity, and disaster recovery as they relate to information systems. Further, while information security draws primarily from computer science, IA is an interdisciplinary field requiring expertise in business, accounting, user experience, fraud examination, forensic science, management science, systems engineering, security engineering, and criminology, in addition to computer science. Therefore, IA is best thought of as a superset of information security (i.e. umbrella term), and as the business outcome of Information Risk Management.
Information Assurance is also the term used by governments, including the government of the United Kingdom, for the provision of holistic security to information systems. In this use of the term, the interdisciplinary approach set out above is somewhat lessened in that, while security/ systems engineering, business continuity/ enterprise resilience, forensic investigation and threat analysis is considered, management science, accounting and criminology is not considered in developing mitigation to the risks developed in the risk assessments conducted. HMG Information Assurance Standard 1&2, which has replaced HMG Information Security Standard 2, sets out the principles and requirements of risk management in accordance with the above principles and is one of the Information Assurance Standards currently used within the UK public sector.
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「Information assurance」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|