NOTE: Free essay sample provided on this page should be used for references or sample purposes only. The sample essay is available to anyone, so any direct quoting without mentioning the source will be considered plagiarism by schools, colleges and universities that use plagiarism detection software. To get a completely brand-new, plagiarism-free essay, please use our essay writing service.
One click instant price quote
Running head: COUNTERINTELLIGENCE VS. INFORMATION ASSURANCE Counterintelligence vs. Information Assurance October 18, 2008 Counterintelligence vs. Information Assurance Introduction Every day organizations face various threats and risks placing the need to protect data high in the list.
Modern computing environments are often placed under attack from well-crafted exploits and malicious users. Therefore, these pervasive attacks place the companies under ongoing pressure to ensure appropriate protection of the mission-critical applications and infrastructures that are connected to the network. In addition to this, it should be also mentioned that the companies operate in highly competitive environments, therefore, they need to make essential efforts in order to prevent their competitors from successfully collecting intelligence against them, to protect their crucial processes and to reduce risks and potential threats (Calder, 2005). Therefore, the importance of counterintelligence and information assurance should not be underestimated, as they support management to protect intellectual property, business secrets and other important business information. The present paper examines the concepts of counterintelligence and information assurance, discusses the differences between them, and indicates how counterintelligence and information assurance could be used in the modern, corporate environment. Counterintelligence and Information Assurance Corporate counterintelligence is different from business intelligence and business espionage.
In business environment it is often used to protect crucial business information. In contrast to it, information assurance is the practice used in business organizations aimed to manage information-related risks. Information assurance, therefore, is mostly used to protect and defend information systems and information within the modern corporate environments by ensuring integrity, confidentiality, availability, authentication, and non-repudiation. It should be also mentioned that counterintelligence and information assurance are different concepts, both forms of which are effectively used within business companies for various purposes (Egan, 2005).
In contrast to corporate counterintelligence, information assurance is related to information security. Due to many similarities, these terms are often used interchangeably. Yet, it should be noted that information assurance also involves reliability and strategic risk management, thus, in addition to defense tools and strategies, information assurance involves other corporate governance issues, such as audits, compliance, disaster recovery, business continuity, and privacy, to mention a few. Unlike corporate counterintelligence, information assurance rests upon multiple fields, involving military science, forensic science, security engineering, systems engineering, criminology, and others (Cady & McGregor, 2002). Therefore, whereas corporate counterintelligence mostly involves protection of vulnerable and crucial business information by using preventive strategies and impeding competitors from collecting information and using it against the company, information assurance is more related to security issues.
Counterintelligence is widely used in modern, corporate environments, because information assurance is not enough to ensure appropriate and secure protection of information, because, in the vast majority of cases, information assurance security methods are not reliable enough to grant protection to the companys confidential information (Fugini & Bellettini, 2005). Guards, cameras, and other information assurance tools are relatively easily manipulated by competitors, who use corporate espionage and business intelligence. Therefore, the need for counterintelligence within modern, corporate environments is obvious. Both information assurance and corporate counterintelligence enhance the companys preparedness to counter business intelligence threats, especially when the company makes decision to find a new market or to change its operation, as it makes it to stay competitive (Andress, 2004).
The original concept of security, widely used in information assurance strategies, fails to completely protect the companies against attacks and threats. Security policies also are not very effective, as they fail to take into consideration all existing protection requirements (for example, defining what kind of important information the company has that would be worthwhile to its competitor) (Know your enemy: Learning about security threats, 2004). Therefore, both information assurance and corporate counterintelligence should be used to ensure effective protection of the companys important information and to reduce carelessness, complacency and ineffective security practices to the lowest possible minimum. Nowadays the companies operating in a highly competitive environment often fail to ensure adequate protection to the company's confidential information (e.
g. , information related to the companys infrastructure, internal communications, personnel records, reports, research, agreements, work procedures, supplier agreements and contracts, etc. ) and intellectual property (for example, various patents, pricing strategies, trade secrets, client and customer information, industry sources, various processes and formulas, to mention a few) (Corporate counterintelligence protecting business information, 2003). All this information is strategically important, and it is the main goal of business counterintelligence to protect this information from competitors and other unauthorized people, countering potential threats and enhancing company's security. In contrast to information assurance, which mostly deals with passive information protection, corporate counterintelligence protects information against illegal and aggressive collecting of information (business espionage) as well as against legal and open efforts undertaken by competitors that can cause harm to the business company and have potentially negative influence on the company's ability to compete in the market (Krutz & Vines, 2003). Information assurance and corporate counterintelligence can, therefore, be used to prevent illegal activities (for example, illegal collection of the information or electronic eavesdropping), spot danger signals and respond immediately, thoroughly control information the company encloses about itself in a legal way (for example, in publications, press releases, trade shows, etc. ) to ensure no critical data is disclosed, and to grant adequate protection to the areas, which are most vulnerable to the company, thus making difficult for the companys competitors to obtain strategically important information (Azari, 2003). While information assurance will mostly focus on the information assets to be protected, focusing on availability, confidentiality and integrity, corporate counterintelligence will focus on both active and passive strategies.
Passive counterintelligence will focus on preventing what a competitor may undertake and will include preventative and defensive countermeasures (e. g. , technical surveillance countermeasures, awareness briefings, penetration testing, or defensive programs) (Bishop, 2003). At the same time, active corporate counterintelligence strategies will be used when the hostile entity or threat to the company has been discovered and identifies. It will then investigate and perform various operations aimed to eliminate any dangerous action. In conclusion it may be said that existing protection and security measures are often not very effective. Many companies feel the need to ensure adequate protection of critically important information to remain competitive in the industry and to strengthen its overall position in the market.
Effective use of information assurance and corporate counterintelligence instruments in the modern, corporate environments will allow the company to retain its positions and to be one step ahead of its competitors. References Andress, A. (2004). Surviving security: How to integrate, people, process, and technology. Boca Raton, FL: CRC Press. Azari, R. (2003). Current security management & ethical issues of information technology.
Hershey, PA: IRM Press. Bishop, M. (2003). Computer security: Art and science. Boston: Addison-Wesley.
Cady, G. , & McGregor, P. (2002). Protect your digital privacy! Indianapolis, IN: Que. Calder, A. (2005). A business guide to information security: How to protect your company's IT assets, reduce risks and understand the law. Sterling, VA: Kogan Page.
Corporate counterintelligence protecting business information. (2003). Retrieved October 18, 2008, from web Egan, M. (2005). The executive guide to information security: Threats, challenges, and solutions. Indianapolis, IN: Addison-Wesley. Fugini, M. , & Bellettini, C. (2005). Information security policies and actions in modern integrated systems.
Hershey, PA: Idea Group Pub. Know your enemy: Learning about security threats. (2004). Boston: Addison-Wesley. Krutz, R. , & Vines, R. (2003).
The CISM prep guide: Mastering the five domains of information security management. New York: Wiley Pub.
Free research essays on topics related to: highly competitive, intellectual property, addison wesley, important information, information security
Research essay sample on Running Head Counterintelligence Vs Information Assurance
