Non-Technical Issues Affecting Information Assurance

Information assurance plays a critical role in securing the cyberspace that’s now so prevalent in organizational, governmental and social infrastructures. The Bureau of Labor Statistics reveals that the field of information security will rapidly expand at a 22 percent growth rate by 2020.

But every benefit of instant access to digital information comes with an equally lurking threat from cyber criminals. Digital attacks continue to increase, requiring cybersecurity specialists to expand their technical skill sets beyond code and firewalls to secure information.

Advanced information assurance training requires a thorough understanding of how non-technical influences like legislation, organizations, behavior and economics affect the integrity of our global cyber systems.

Government Influence

Legislative efforts as well as government participation in information assurance are essential for security. The Department of Homeland Security (DHS) not only works with other government agencies but also collaborates with the private sector to investigate attacks, issue alerts and provide education on cybersecurity.

This cross-sector coordination has helped to fortify the nation’s digital infrastructure. According to the DHS, a number of strategic partnerships have improved its incident response times and capabilities.

The United States Computer Emergency Readiness Team (US-CERT) acts in accordance with the DHS’s mission to protect against security threats and share information that helps defend against risks. In 2011 alone, US-CERT efforts helped provide more than 5,000 security alerts and products vital to organizations.

Allied with the Department of Defense (DOD), the Department of Homeland Security has launched initiatives to protect the sensitive information of financial service providers and law enforcement. DHS has hosted simulated cyber attacks designed to help other agencies learn how to address potential weaknesses in their infrastructure.

Professionals with an information assurance degree must also ensure that in practice they comply with the regulations that govern the protection and disclosure of information systems.

For example, the National Institute of Standards and Technology (NIST) provides guidelines for IT officers to execute critical infrastructure needs, such as implementing security plans, creating cryptography measures and utilizing digital signatures.

The Budapest Convention on Cybercrime is another example of a measure that affects cybersecurity. This pioneering international treaty outlines processes to follow in the search for cybercrime and how to intervene while promoting global collaboration.

Organizational and Behavioral Issues

An organization’s weakness can open the door to security vulnerabilities. IT professionals may be put in the compromising position of prioritizing system administrative tasks that are beneficial to a company’s bottom line over evaluating and proactively defending against security risks.

Human error within an organization can give cyber criminals an unfortunate edge; hackers can easily manipulate and expose employee weaknesses by delivering malicious code through email attachments. Social engineers may pose as administrators to phish account information. An InfoSecurity Europe survey found 90 percent of office workers unknowingly gave up their employee passwords for the opportunity to receive a free pen.

Employees can become another firewall layer for an organization when armed with the right tools. IT security officers can use education and training of employees alongside technology to thwart these subversive threats. These efforts may include strategic planning of policies, awareness and programming enforcement to minimize risks.

Navigating diplomacy with management is equally important to a cybersecurity specialist’s contribution to an organization. These IT experts may need to demonstrate why the security element of their job description is the most integral aspect of how they can help an organization establish smooth business operation.

Economic Implications

The economic impact of security breaches is a non-technical information assurance issue that cannot be ignored. The Ponemon Institute reports that the average cost of a digital security incident for an organization is approximately $5.5 million. These expenses may include, but are not limited to:

  • Discounts
  • Credit monitoring for customer retention
  • Security investigation
  • Correction of the security flaw by consultants

One way that information assurance experts can help organizations control costs is to establish security risk metrics. These measures provide a viable and visual way for IT security departments and organizational leaders to collaborate on decisions that determine agreeable levels of risk.

For example, IT security specialists can measure the time it takes to detect or remove unknown peripherals like USB flash drives or hard drives from the system’s network to better evaluate how fast a threat can be contained.

Additional examples may include metrics for patch deployment or password strength in order to test a system’s capability to defend against attacks.

These metrics can be directly connected to the economic costs of a security breach, enabling information assurance professionals to work with organizations on how these technical implementations can preserve a system network. Metrics may also give an organization a more accurate illustration of how tools and applications might offer a worthwhile investment to minimize potential security breach expenses.

Information Assurance: Not Just a Technical Field

The storage of digital information is an essential element of nearly every organization in the public and private sectors. Keeping that information safe from cyber criminals who may exploit it for ulterior motives takes more than skilled computer operation.

The complexity surrounding the information assurance field is evident in the government, organizational and economic demands that shape the management of networks.

Understanding government influences helps to foster understanding of legal implications and enforcement while promoting cooperation in the security of critical infrastructures.

Developing the management and diplomacy skills needed to improve an organization’s security is also critical to its success. Lastly, integrating the technical metrics into the management of an organization can help lead to better security decisions.

Following national and international security systems recommendations, a master's degree in information assurance from Regis University online or on campus utilizes core classes and specialization courses in security and policy management that can seamlessly translate into on-the-job applications. By expanding on existing knowledge, Regis University’s College of Computer and Information Sciences enables professionals seeking their master's to achieve the graduate-level education needed to bridge the technical and non-technical skills to keep our nation’s data safe. Regis is designated as a Center of Academic Excellence in Information Assurance Education by the National Security Agency and offers a Master of Science in Information Assurance degree. The curriculum is modeled on the guidelines and recommendations provided by the Committee on National Security Systems (CNSS) 4000 training standards, the (ISC)² Eight Domains of Knowledge and ISACA.