Information Assurance technology is in growing demand as security takes center stage for information technology.
According to U.S. Bureau of Labor statistics, Information Security Analyst was among the fastest growing industries in the U.S. in 2012 and projected to grow another 30% by 2022 (bls.gov). Information Security Analysts work with information assurance technology. Assurance technology includes technologies like firewalls, intrusion prevention systems, security information & event management systems, web proxies, encryption systems, encryption software, authentication devices, vulnerability scanners, protocol analyzers, and many other devices specifically made to protect the confidentiality, integrity and availability of information. In defense these systems are known collectively as security products.
Information systems with security features built in are known as security-enabled devices. Examples would be operating systems, storage devices, internetworking devices such as switches and routers and any other device that can be locked down, secured and hardened with built in information assurance technology.
Assurance technology is evaluated to make sure the security features perform as the manufacturers intended. Typically, agencies, departments and organizations that maintain critical infrastructure make sure that the information assurance technologies that they choose are in the Common Criteria Evaluation database:
- http://www.commoncriteriaportal.org/products/
- https://www.niap-ccevs.org/
These are systems that have been vetted in a lab under very specific conditions. So under specified settings, and under specific conditions, an organization can operate these assured technologies with a high level of confidence.
Protection Profiles have a set of criteria to conduct security evaluation to determine the validity of vendors’ claims. The product is given a Evaluation Assurance Level (EAL) which is an assurance level between 1 and 7.
Choosing the right information assurance technology is covered in NIST 800-23, Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products. Assurance for U.S. defense technology used to be done with a policy called, Trusted Computer System Evaluation Criteria (TCSEC), DoDD 5200.28-STD (aka the Orange Book, AKA DITSCAP). It eventually got replaced with DoDD 8500.1 on October 24, 2002 and branched in DIACAP, which is NOW DIARMF! So you see DIARMF is all about not only assurance technology but how those technologies are used.
Works Cited:
U.S. Bureau of Labor Statistics. Fastest growing occupations. U.S. Bureau of Labor Statistics, http://www.bls.gov/emp/ep_table_103.htm date: Accessed: February 03, 2014
[…] More one Assurance Technology […]