Information Assurance Overview

The Information Assurance (IA) plan seeks to assure information and manage the risks that pertain to the use, processing, storage, and transmission of data or information, and to the systems and processes used for those purposes (Qian et al., 2017). Heavy Metal Engineering (HME) prioritizes the security of data. As such, the principles of information security (i.e., the CIA triad) inform our IA plan:
• Confidentiality: ensuring information is not revealed to unauthorized persons
• Integrity: maintaining and guaranteeing the accuracy and consistency of information over its whole lifecycle
• Availability: making sure that the information is available when and where it is required (Schou & Hernandez, 2018)
A plan or strategy for IA implementation
Essential to the HME strategy is a robust privacy and security program that carefully considers data protection issues across the services the company provides, including data submitted by clients.
Risk Mitigation Strategy
1. All facilities in the organization are safeguarded by:
• Intrusion detection
• Access control
• Video protection (CCTV)
2. Every HME staff member is provided with a unique user account.
3. Periodic training of employees: Network Administrators, System Administrators, and individuals in charge of certain applications are regularly trained in best practices and in how to mitigate security risks.
4. All systems generate manufacturer-specific traceability logs, which are often assessed to identify any unusual activity.
An accrediting body
The accrediting body, in this case, is the National Institute of Standards and Technology.
Incident response and disaster recovery plan
HME has several processes in place to respond to an incident and to make sure that the disaster recovery plan is activated, resulting in a rapid and effective re-establishment of services. Offsite and onsite backups, the availability of secondary data centers, and support staff enable disaster recovery plans to be implemented rapidly and effectively in the event of a major disaster.

Qian, Y., Tipper, D., Krishnamurthy, P., & Joshi, J. (2017). Information assurance: Dependability and security in networked systems. Elsevier.
Schou, C., & Hernandez, S. (2018). Information assurance handbook: Effective computer security and risk management strategies. McGraw Hill Professional.