Theoretical Background:

Information Assurance concerns itself with implementing measures focused at protection and safeguarding of critical information and relevant information systems by assuring the integrity, availability, authentication, confidentiality and non-repudiation. The measures also provides for restoring information systems after an attack by putting in place proper protection, detection and reaction abilities.

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data.[1] It uses physical, technical, and administrative controls to accomplish these tasks. While focused predominantly on information in digital form, the full range of IA encompasses not only digital, but also analog or physical form. These protections apply to data in transit, both physical and electronic forms, as well as data at rest in various types of physical and electronic storage facilities. Information assurance as a field has grown from the practice of information security

Lab Exercise 1: You are working for a multi-national bank. As an Information Security analyst your task is to develop an Information Assurance Baseline for the bank

1. INTRODUCTION

Highlight the vision and mission of your organization

2. Controls

2.1 Control Classifications Types of controls their purpose and classification

2.2 Control Types Administrative, Technical and procedural

3. MANAGEMENT CONTROLS

3.1 Information Security Policy Importance to Security

3.2 Information Security Infrastructure Example SOC.

2. OPERATIONAL CONTROLS/TECHNICAL CONTROLS

4.1 List of Technical controls