Computers have become a massive boost in productivity, learning, and entertainment over the past few decades, but that same boost has empowered the digital risks. More benefits and risks are discovered every day, and while some professionals need to research the newest changes, someone needs to figure out what to do with all of that information. Here are a few Information Assurance career details to understand where these policymakers and inspectors fit in the tech world.
What's The Difference Between IA and IS?
It can be hard to understand the difference between Information Assurance (IA) and Information Security (IS). This is because Information Assurance was once a collateral duty of certain Information Security professionals. It's not a unique split; Information Security itself is a specialization the split out of necessity that takes from general system administration, networking, and analyzing programs to see how they work.
The issue is that some tasks need a closer look and a full-time professional. Information Assurance jobs have some heavy responsibility when it comes to designing new Information Security policies, figuring out how those policies work for all assets, implementing the policies, and making sure that the policies are being followed.
IA tasks are largely about creating rules for how systems should be used to protect overall security, then monitoring and auditing the systems to make sure everyone is following those rules. Information Security is more the active protection and attacking arm, involved in looking for the actions of hackers or badly-behaving users, figuring out what the newest threats are, and sometimes becoming hackers against adversaries.
There's no problem with learning a little bit from each side of the IA/IS divide, as well as other parts of Information Technology (IT) and Computer Science (CS). Just know that the specialization exists, and if you find that the IA tasks are up your alley, you can get a job doing nothing but those tasks. It's more than a full-time job at many bigger companies or organizations.
What Are The Major IA Tasks?
The realm of IA is mostly about existing threats and the security of the system. IA professionals have an existing set of risks, and their job is both making sure that they develop and review plans to mitigate these risks while making sure current plans are being followed.
At the director-level of IA, professionals work with Information Security professionals to discuss which threats are currently attacking systems. The directors approve which policies move forward, and have the authority to direct other departments for computer security best practices.
The senior-level IA analysts begin their job at this level, sometimes with the assistance of directors--after all, it's easier to brief CEOs and politicians as a director if you keep a little hands-on knowledge as the years go by. Analysts will mull over the new threats, figure out how they work, what they affect, and pinpoint existing plans.
Excessive, overlapping plans lead to confusion and apathy. New policies should only occur with truly new/different threats, since these policies aren't just for professional IT's; people with no computer skills--or little care about security--need to follow as well.
Finally, the ground level IA analysts will send out policy changes and perform audits, usually with automated systems to check for digital policies. Physical policies such as looking for users who write their passwords on sticky notes or using unauthorized equipment that isn't connected to computers such as cameras and microphones are handled by trained inspectors.
I'm Tom Doberstein. I have to make a confession: I am absolutely addicted to social media. And that has been an excellent thing for me because this addiction has helped me become an expert in social media marketing. I never meant to become an expert in this subject, but I just couldn't help but strike up conversations with some of my favorite brands. Some of the conversations I have had with my favorite brands through social media have been very entertaining and have made me develop an interest in the ways that businesses can use social media and other Internet tools to promote their businesses.