Sample Foreword

Information Assurance (IA) is a combination of technologies and processes that are used to manage information-related risks. IA is not just about computer security, the protection of data in storage or while it is being processed; it is also about the protection of data in transit. IA is a composite field involving computer science, mathematics, database and network management, user training, and policy issues. A common objective of work on IA in these fields is to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation so that the right people can access the right information at the right time.

The Internet, social media, smart phones and tablet computers have been playing a larger role in our daily lives. The majority of computers, whether in large corporations, in small businesses, or at home, are connected together in a network that creates a global community. People have become increasingly dependent on computer networks in many aspects of their lives — from communication, entertainment and financial transactions, to education and government services. Most people understand that global economic infrastructure is becoming increasingly dependent upon information technology, and no information system is 100% secure. Information security is one of the topics that everyone knows of, but most are not really aware of the finer details. Many computer users simply think that their firewall and antivirus software provide them with all the protection they need to keep their computers secure. However, as malicious hackers become more resourceful, and users add more and more information into a growing number of databases, there exists an increased exposure to hacker attacks, information espionage, and other security breaches. Information systems—operated by governments and commercial organizations—are vulnerable to attacks and misuse through their Internet connections. Workstations connected to the Internet are currently the most common targets of malicious hackers. As a result, information assurance is a very serious concern for individuals, businesses, and governments. Not only do we need to be aware of how attacks are perpetrated, but we also need to learn how the systems can be protected against different attacks.

This book provides a valuable window on information assurance and covers the necessary components from detecting Internet worms distributed via e-mail to securing mobile communication devices. Firewalls are a critical technology to control incoming and outgoing network traffic, thereby blocking unwanted traffic and suspicious connections. They must be configured with a set of filtering rules and, like any software application, must be constantly patched to address new vulnerabilities. Authentication verifies the identity of each user or examines the validity of a device. Currently, passwords are the most commonly used authentication scheme. Because of their uniqueness, biometrics such as fingerprint, iris, or facial images are becoming a promising means of authentication. At a Gartner Group IT/Expo event held in 1997, Bill Gates predicted that biometric technologies would be one of “the most important IT innovations of the next several years.” To ensure that the current user is the same person who logged on to the system, research efforts have been devoted to continuously verifying the user’s identity using biometrics. Security and privacy are closely related. When developing an information security solution, we need to consider its impact on privacy and combine security risk assessment techniques with privacy risk assessment techniques. Risk assessment is a critical process to define both the probability and impact of undesired events. Its objective is not to eliminate the risk, but to provide the policy and methodology by which risks could be managed.

The challenges in information assurance are both difficult and interesting. People are working on them with enthusiasm, tenacity, and dedication to develop new methods of analysis and provide new solutions to keep up with the ever-changing threats. In this new age of global interconnectivity and interdependence, it is necessary to provide security practitioners, both professionals and students, with state-of-the-art knowledge on the frontiers in information assurance. This book is a good step in that direction.

Author’s Name
Author’s Affiliation, Country

Author’s Bio

Last Updated May 21, 2014