Running head: COUNTERINTELLIGENCE VS. INFORMATION ASSURANCE Counterintelligence vs. Information Assurance October 18, 2008 Counterintelligence vs. Information Assurance Introduction Every day organizations face various threats and risks placing the need to protect data high in the list. Modern computing environments are often placed under attack from well-crafted exploits and malicious users. Therefore, these pervasive attacks place the companies under ongoing pressure to ensure appropriate protection of the mission-critical applications and infrastructures that are connected to the network. In addition to this, it should be also mentioned that the companies operate in highly competitive environments, therefore, they need to make essential efforts in order to prevent their competitors from successfully collecting intelligence against them, to protect their crucial processes and to reduce risks and potential threats (Calder, 2005).
Therefore, the importance of counterintelligence and information assurance should not be underestimated, as they support management to protect intellectual property, business secrets and other important business information.
The present paper examines the concepts of counterintelligence and information assurance, discusses the differences between them, and indicates how counterintelligence and information assurance could be used in the modern, corporate environment. Counterintelligence and Information Assurance Corporate counterintelligence is different from business intelligence and business espionage. In business environment it is often used to protect crucial business information. In contrast to it, information assurance is the practice used in business organizations aimed to manage information-related risks. Information assurance, therefore, is mostly used to protect and defend information systems and information within the modern corporate environments by ensuring integrity, confidentiality, availability, authentication, and non-repudiation. It should be also mentioned that counterintelligence and information assurance are different concepts, both forms of which are effectively used within business companies for various purposes (Egan, 2005).
The Research paper on Information technology in business environment
The business environment is becoming increasingly competitive. Information technology is now providing business entities with basic as well as progressive business tools that will enable them to improve their financial performance, efficiency, and its use of the organisation central operational resource and staff members. Adoption of computerised system is vital to the businesses entities that ...
In contrast to corporate counterintelligence, information assurance is related to information security. Due to many similarities, these terms are often used interchangeably. Yet, it should be noted that information assurance also involves reliability and strategic risk management, thus, in addition to defense tools and strategies, information assurance involves other corporate governance issues, such as audits, compliance, disaster recovery, business continuity, and privacy, to mention a few. Unlike corporate counterintelligence, information assurance rests upon multiple fields, involving military science, forensic science, security engineering, systems engineering, criminology, and others (Cady & McGregor, 2002).
Therefore, whereas corporate counterintelligence mostly involves protection of vulnerable and crucial business information by using preventive strategies and impeding competitors from collecting information and using it against the company, information assurance is more related to security issues. Counterintelligence is widely used in modern, corporate environments, because information assurance is not enough to ensure appropriate and secure protection of information, because, in the vast majority of cases, information assurance security methods are not reliable enough to grant protection to the companys confidential information (Fugini & Bellettini, 2005).
The Research paper on Case study on Implementation of quality systems through information technology systems in Athal Company
Case study on Implementation of quality systems through information technology systems in Athal Company Introduction Athal is a service offering company that was established in 1980. It offers inspection, testing, consulting, and quality control services. The company offers services to different companies in different industries through its 15 branches in United Kingdom. The company ...
Guards, cameras, and other information assurance tools are relatively easily manipulated by competitors, who use corporate espionage and business intelligence. Therefore, the need for counterintelligence within modern, corporate environments is obvious.
Both information assurance and corporate counterintelligence enhance the companys preparedness to counter business intelligence threats, especially when the company makes decision to find a new market or to change its operation, as it makes it to stay competitive (Andress, 2004).
The original concept of security, widely used in information assurance strategies, fails to completely protect the companies against attacks and threats. Security policies also are not very effective, as they fail to take into consideration all existing protection requirements (for example, defining what kind of important information the company has that would be worthwhile to its competitor) (Know your enemy: Learning about security threats, 2004).
Therefore, both information assurance and corporate counterintelligence should be used to ensure effective protection of the companys important information and to reduce carelessness, complacency and ineffective security practices to the lowest possible minimum. Nowadays the companies operating in a highly competitive environment often fail to ensure adequate protection to the company’s confidential information (e.g., information related to the companys infrastructure, internal communications, personnel records, reports, research, agreements, work procedures, supplier agreements and contracts, etc.) and intellectual property (for example, various patents, pricing strategies, trade secrets, client and customer information, industry sources, various processes and formulas, to mention a few) (Corporate counterintelligence protecting business information, 2003).
All this information is strategically important, and it is the main goal of business counterintelligence to protect this information from competitors and other unauthorized people, countering potential threats and enhancing company’s security.
The Term Paper on Information System Security Principles
Availability Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network. Other important terms Also important to network security are the following four C-I-A–related terms: ? Identification—The act of a user professing an identity to the system, such as a logon ID ? Authentication—Verification that the user’s ...
In contrast to information assurance, which mostly deals with passive information protection, corporate counterintelligence protects information against illegal and aggressive collecting of information (business espionage) as well as against legal and open efforts undertaken by competitors that can cause harm to the business company and have potentially negative influence on the company’s ability to compete in the market (Krutz & Vines, 2003).
Information assurance and corporate counterintelligence can, therefore, be used to prevent illegal activities (for example, illegal collection of the information or electronic eavesdropping), spot danger signals and respond immediately, thoroughly control information the company encloses about itself in a legal way (for example, in publications, press releases, trade shows, etc.) to ensure no critical data is disclosed, and to grant adequate protection to the areas, which are most vulnerable to the company, thus making difficult for the companys competitors to obtain strategically important information (Azari, 2003).
While information assurance will mostly focus on the information assets to be protected, focusing on availability, confidentiality and integrity, corporate counterintelligence will focus on both active and passive strategies. Passive counterintelligence will focus on preventing what a competitor may undertake and will include preventative and defensive countermeasures (e.g., technical surveillance countermeasures, awareness briefings, penetration testing, or defensive programs) (Bishop, 2003).
At the same time, active corporate counterintelligence strategies will be used when the hostile entity or threat to the company has been discovered and identifies. It will then investigate and perform various operations aimed to eliminate any dangerous action.
In conclusion it may be said that existing protection and security measures are often not very effective. Many companies feel the need to ensure adequate protection of critically important information to remain competitive in the industry and to strengthen its overall position in the market. Effective use of information assurance and corporate counterintelligence instruments in the modern, corporate environments will allow the company to retain its positions and to be one step ahead of its competitors. References Andress, A. (2004).
The Essay on Information Security 2
Information Security is a fundamental function of any organization expecting to be competitive in the global market. As more and more developing countries make the leap into capitalism, competiveness will only become more essential. With Asian nations like China, Korea and India stepping up to make their presence noticed taking more of the market share than ever before other organizations must ...
Surviving security: How to integrate, people, process, and technology. Boca Raton, FL: CRC Press.
Azari, R. (2003).
Current security management & ethical issues of information technology. Hershey, PA: IRM Press. Bishop, M. (2003).
Computer security: Art and science. Boston: Addison-Wesley.
Cady, G., & McGregor, P. (2002).
Protect your digital privacy! Indianapolis, IN: Que. Calder, A. (2005).
A business guide to information security: How to protect your company’s IT assets, reduce risks and understand the law. Sterling, VA: Kogan Page. Corporate counterintelligence protecting business information.
(2003).
Retrieved October 18, 2008, from http://www.cbr.co.za/regular.aspx?pklRegularId=139 0 Egan, M. (2005).
The executive guide to information security: Threats, challenges, and solutions. Indianapolis, IN: Addison-Wesley. Fugini, M., & Bellettini, C. (2005).
information security policies and actions in modern integrated systems. Hershey, PA: Idea Group Pub. Know your enemy: Learning about security threats. (2004).
Boston: Addison-Wesley. Krutz, R., & Vines, R. (2003).
The CISM prep guide: Mastering the five domains of information security management.
New York: Wiley Pub..
