- "Information Security Analysts," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/soc/2010/soc151122.htm
- "Information Security Analysts," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
- "Database Administrators," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/ooh/computer-and-information-technology/database-administrators.htm
- "Computer and Information Research Scientists," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/ooh/computer-and-information-technology/computer-and-information-research-scientists.htm
- "Computer Support Specialists," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/ooh/computer-and-information-technology/computer-support-specialists.htm
- "15-1143 Computer Network Architects," U.S. Bureau of Labor Statistics, Occupational Employment Statistics, May 2014, http://www.bls.gov/oes/current/oes151143.htm
- "Network and Computer Systems Administrators," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm
- "Computer and Information Systems Managers," U.S. Bureau of Labor Statistics, Accessed April 24, 2015, http://www.bls.gov/ooh/management/computer-and-information-systems-managers.htm
- "11-3021 Computer and Information Systems Managers," U.S. Bureau of Labor Statistics, May 2014, http://www.bls.gov/oes/current/oes113021.htm
What Does it Mean to Study Information Assurance?
Nearly every aspect of society today depends on computer systems: transportation, communication, banking, and manufacturing, to name a few. However, this infrastructure of computerized systems is increasingly under threat of attack from viruses, worms, hackers and information thieves.
Businesses and government agencies need to protect their systems. A computer worm or virus can cause delays and cost money, but information theft can be disastrous. Business information that is stolen from computers can be used to steal money from private accounts or reveal trade secrets. It has even been used to blackmail businesses and individuals. If information is obtained from government sites, the results can have even more dire consequences.
Information assurance is the process of protecting data from misuse by people inside or outside a business or organization. This misuse might come from a hacker or corporate spy, but it can also come from a current or former employee who might want to sabotage a computer database. It is the job of the information assurance professional to create a system designed to prevent this from happening.
Definitions of information assurance emphasize that:
- Information is available when needed
- Integrity of the information is sound
- Authenticity can be verified
- Information is kept confidential
- Proof of the integrity and the origin of the data can be supplied
What Does an Information Assurance Graduate Do?
The information assurance professional should be knowledgeable in several aspects of computer technology. One of the most fundamental areas of expertise is computer network design and infrastructure. In creating or working with a network design, the professional must understand the needs and business objectives of the client. Some networks are local, to be used only within the organization itself. Other networks are widespread, used by customers across the country or around the world. With this in mind, the network is designed to accomplish the goals of the organization while protecting the core information.
Cryptography is included as a part of this security design. Cryptography has long been used as a means translate data a form that is nearly impossible to read without the correct key. This process typically uses mathematical algorithms to encrypt the data. Cryptographic mechanisms are regularly used to control access to such things as a shared disk drive or even pay-per-view television channels.
Information assurance professionals must also be knowledgeable in intrusion detection and control, which is the art of discovering if an inappropriate activity has occurred. Intrusion detection is not a security system. Instead, it inspects all inbound and outbound network activity to identify suspicious patterns that may indicate someone is attempting to break into or compromise a computer system.
Another aspect of the information assurance process involves creating a system that requires user authorization and authentication. This is granting or denying access to a network resource. Authentication makes certain that users are who they claim to be. Authorization allows the user access to various resources based upon proof the user's identity.
If an organization's data center is compromised, the information assurance process is responsible for data integrity and recovery. The data can be compromised by human error, system crashes, software bugs or viruses, and even natural disasters such floods or fires. Regardless of the size of the organization, the information is valuable and must be recovered whenever possible. This can be accomplished through backup systems, or with special software products designed to help salvage data or damaged disks and tapes.
The information assurance specialist is involved with all these technical aspects, but they are involved in the organizational functions of creating a security policy for the organization and making sure that people within the organization adhere to it. They should be familiar with national and state laws that regulate privacy concerns and electronic commerce.
Trends in Information Assurance Careers
The federal government and the Department of Homeland Security have made information protection a matter of national security, and that is not limited to just the government information. Access to private data and sensitive business details could create security problems. Therefore, despite any downturns in the information technology economy, the market for information assurance and other computer security personnel is likely to remain strong. A shortage of qualified people to take on the roles of information assurance has led several colleges to create new programs or specialties dedicated to helping meet the demand.
Career Education in Information Assurance
Anyone with an interest in computer technology can be accepted into a college computer science program. Those programs that have a specialty in information assurance might have a grade point average or SAT score requirement. Programs that offer a master's degree generally want students who have completed an undergraduate degree in computer science or something similar.
A broad knowledge of computer hardware and software is important, so high school students should take as many computer classes as possible. Mathematical and analytical skills are useful traits in information assurance. Problem-solving courses that include math and algebra can be beneficial, as will classes that emphasize communication skills such as writing and public speaking because of the need to pass along vital information to others.
Is an Advanced Degree Needed to Work in Information Assurance?
The current demand for specialists with information assurance skills means graduates with a bachelor's degree in computer science and experience can find employment. However, information assurance jobs typically demand knowledge above and beyond a general computer background. Some programs offer certificates in the specialty, which is helpful. However, more schools are offering programs at the master's degree level.
What Can You Do With a College Degree in Information Assurance?
Information assurance positions are among the most demanding of the computer specialties. Employers prefer people who have at least a bachelor's degree, possibly with a concentration in information assurance. In addition, a broad background and extensive experience is generally helpful. Some employers ask for a graduate degree as well.
Individuals interested in information assurance jobs must be able to communicate effectively with team members, other staff, and customers. They can be involved with a number of tasks simultaneously, so they need the ability to concentrate and pay attention to detail. Some employers, especially government agencies, might require a security clearance before hiring someone for such a sensitive position. A background check is required in such circumstances, so it is important to have a clean record.
Information assurance jobs at major firms are rarely entry-level positions. Often, the people who fill these jobs will have years of computer experience and advance into the position or take classes to become more familiar with the requirements. As education catches up with demand, students might have more of an opportunity to move into these positions at smaller companies. As they gain experience, they can move into the more demanding and higher-paid positions.
Information Assurance Career Paths
Information assurance professionals might start in other computer-related careers before advancing up the ladder. A few of these job titles and responsibilities include:
Computer Security Specialist
Many basic duties of a computer security specialist might overlap with those of an information assurance specialist. Security specialists in some organizations plan, coordinate, and implement the organization's information security. Their responsibilities could include educating users on computer security, installing security software, monitoring the network for security breaches, and responding to hacker attacks. Security specialists might also be asked to gather data and evidence for prosecuting a crime. They might work for smaller companies. According to the U.S. Bureau of Labor Statistics (BLS), computer security specialists earned a median salary of $88,890 in 2014.
Database administrators set up computer databases, organize and store data, and test and coordinate changes to the databases. If they are responsible for the design and implementation of the database, they might also be asked to plan and coordinate its security measures. Database administrators, according to the BLS, earned $80,280 in median wages in 2014.
Computer and Information Research Scientists
Computer and information research scientists apply their expertise and innovative techniques to more complex problems of computer software and hardware. They most often work as theorists, researchers, or inventors. They apply a higher level of theoretical expertise and innovation and develop solutions to complex problems relating to computer hardware and software. Those with backgrounds in security might work as security specialists for data recovery situations or in installing custom security software. Computer and information research scientists earned a median salary of $108,360 in 2014 according to the BLS.
Computer User Support Specialists
Computer user support specialists do not generally have the training and background needed for information assurance. However, it can be a good launching pad for future specialists. Working in technical support or as help-desk technicians can be outstanding experience for learning about various hardware, software and systems. Support specialists often work as troubleshooters in a business or other organization. Computer user support specialists earned a median salary of $47,610 in 2014 according to statistics from the BLS.
Computer Network Architects
Computer network architects design and evaluate network systems. Working day to day with network modeling, analysis and planning offers some of the fundamental background needed for advancement into information assurance. They might also be responsible for web site design and creation, including security issues. Network architects earned a median salary of $98,430 in 2009 according to the BLS.
Computer Systems Administrators
A computer systems administrator installs and manages an organization's network or Internet system. They are responsible for maintaining network hardware and software, analyzing problems, and monitoring to make certain it is available to the system when needed. This person is often asked to plan and implement the organization's network security measures. In some organizations, computer security specialists are responsible for the information security. Computer systems managers earned a median annual salary of $72,560 in 2012 according to the BLS.
Computer and Information Systems Managers
Computer and information systems managers are more directly involved in overseeing others who work in the system such as network analysts and computer programmers. This means they must determine the personnel and equipment needs of the organization. They are usually in charge of coordinating such activities as upgrading the hardware and software, developing computer networks, and programming the system. Computer and information systems managers earned a median annual salary of $127,640 in 2014 according to statistics from the BLS.
Computer and Information Systems Managers
Computer and information systems managers manage the information system, which includes applications, networks, personal computers and hardware and software. This typically involves the planning, organizing and daily support of the system under the supervision of the chief information officer. They might oversee user services such as an organization's help desk. Computer and information systems managers made a median annual salary of $127,640 in 2014 according to the BLS.
Project managers develop requirements, budgets, and schedules information technology projects. They work with internal and external clients, vendors, consultants, and computer specialists to coordinate projects from development through implementation. They have become more involved in projects to upgrade information security.
Local Area Network and Wide Area Network Managers
Local area network and wide area network managers can be in charge of everything from setting up the network through managing and updating it. The configuration of the hardware and software used to create the connections falls under this job's function. The larger the network, the more security issues can become a problem. As is true with most of these positions, the job requires extensive knowledge of system setups and the hardware used to operate it. The managers must know the network inside and out.
Information Assurance Licensing and Certification
A license is not needed for a career in information assurance. However, certifications in some technologies might be required. Many of these certifications can be earned from vendors or technical colleges.
Learn more about information assurance:
- The Department of Defense Information Assurance Support Environment
- The National Security Agency/Central Security Service Information Assurance Technical Framework Forum