Information Protection means protecting all layers of access to data not just a firewall. Information protection means having policies in place that protect physical access to data, limits personnel access, controls how data is used, how information is released and when. The technological safeguards is just one method of protection.
Another name for “information protection” is defense in depth. Its not enough to have a firewall and anti-virus. The more serious an organization is about their assets, the more serious they must be about information protection.

[…] assurance is not a comprehensive approach to information security. It included risk management, information protection, operational risk, business risk, assurance technology and much […]