computer security to security intelligence

Last week I attended the Information Assurance Advisory Council (IAAC) workshop held at the BCS Office in London. The workshop papers will be published at the IAAC site. The main topic was ‘Consumerism: Same old IA Issues … or not?’.  The presentations were diverse and the attendees’ perspectives were diverse too. A pity I had to leave just before the closing remarks and missed the concluding of the workshop.

The definition of information assurance is given as ‘Information Assurance (IA) is the confidence that the information assets within an organisation are reliable, accurate, secure and available when required’. Worth noting that in ediscovery, the confidence that information is available when required is not assured.

It seems (to me) that IA is not a common or widely understood or used term in the business or corporate world at large. Similarly in the software development world, IA is not part of the design vocabulary. I wonder why…

According to Prof Brian Collins (one of the presenters), IA started life as computer security. To me, the term computer security itself is now replaced (or misplaced?) by cyber security. One of the unintended consequence with the consumerism (of IT), which I refer to as the exploitation of IT, is that the knowledge gap between the consumers of IT and exploiters of IT is blurring at the vast sea of information. It is blurring as information is branded under business intelligence or security intelligence or even cyber intelligence. Where is IA?

Also, watch out for term such as ‘people assurance’ (as mentioned by Prof Brian Collins). How to strike a balance between people assurance and information assurance?
The IAAC workshops and seminars are worth watching out for, even though I am clueless on ‘people assurance’. Perhaps the clues are in the previous workshops/seminars.

Post a Comment

You must be logged in to post a comment.