Information Assurance

The United States Government considers information assurance to be one of its most important objectives. In almost every government department or agency, information assurance has become synonymous for the safe, private, secure method of sending, receiving, interpreting and facilitating the use of any data. For the government, the question of why information assurance is important has already been answered. There can be no compromises whatsoever where sensitive or classified information may be at risk. If you work for a private company, the lines become more blurred.

It is less difficult for most of us to determine a need for information assurance when national security issues are involved. In private industry, we actually conduct ourselves in a few similar ways to some government activities, but do not realize or identify it as such. Some examples are:

• We sequester ourselves in private, behind closed door places with selected individuals almost every day. We do this to segregate the access to information we wish to share and meet upon.
• The ability to gain access to many types of records or documents is protected to ensure that only those who have been entrusted may have rights to those files. This is certainly true of personnel, medical, legal and financial records in virtually every company.
• Some entity within the organization has overriding authority over all data and has unfettered access as well. This authority is typically granted based on the need to properly monitor and organize technology resources.
• Most people are generally aware of what information may be shared with others and what may not. The need to know and right to know are loosely intuitive.

Why would private companies need the stringent policies that information assurance would dictate? These organizations are subject to the restricting access to sensitive information also. For example, how do you restrict access to that new compensation plan just adopted by senior management - the same one that is awaiting approval from the Board of Directors? Or in the case of health care for your employees, who has access to these private records?

Information Assurance Policy

All of these and many other questions might be answered if a comprehensive set of policies and procedures had been defined, prepared and initiated with the objective being Information Assurance. Start with the one objective you are most likely to achieve quickly by asking the following question: What is the single most important, valuable, sensitive, damaging, compromising, strategically competitive, private or privileged piece of information in my custody? Once answered, ask yourself these six questions:

1. Who presently has access to this information?
2. Why was permission granted to that person(s)?
3. Who actually should have rights to this data, and are these the same people who do, in fact, presently have such rights?
4. How do I insure that, in the future, only those with proper authority receive access and those without authority are denied such access?
5. When shall rights to this information be granted/denied?
6. Who will become the administrator and security official in charge of these assignments?

Now, the process is in place and the procedures need only be enacted as soon as possible. This is a first step in protecting the integrity of this single identified asset. This information has now been assured.

Collaborating on Sensitive Information with VIA3

VIACK® is the company behind the VIA3® Assured Collaboration Service, the only complete, fully secure, end-to-end encrypted online collaboration and communications solution from the desktop. VIA3 enables business and government professionals to exchange information and facilitate online sessions with colleagues and clients anywhere, working together as easily and effectively as if they were in the same conference room. Services include toll-quality audio, video, IM, information sharing, and secure file storage.

Related links:
How VIA3 is used in government
Government certifications
About VIA3 security