A New Approach to
Information Assurance (IA)
is an emerging term which captures the
expanded responsibilities involved in Information Security (IS).
Information Security had identified three
components namely "Confidentiality", "Integrity" and
"Availability" as the objectives. This CIA concept of
Information Security was adopted in information security
Implementation standards and also the audits.
Today it has been realized that IS is inadequate
if it is confined to the CIA concept. Hence various approaches
are being developed to make IS more meaningful and useful
In India, Naavi tried to expand this CIA concept
by adding the "Cyber Law Compliance" and calling the approach as
"Techno Legal Information Security Concept". Subsequently he
expanded it further to add "Behavioural Science" and called the
approach as "Three Dimensional Approach to Information
In US, CIA concept was expanded to include two
other components namely "Authenticity" and "Non Repudiation".
Further with the development of IS standards from BS7799 to ISO
27001, the basic IS concept had included "Compliance Aspects"
and "People Aspect" as part of the CIA implementation approach.
However the international approach was still led
by technology and hence the "Authenticity" and "Non Repudiation"
was addressed basically as technology tools required for the
purpose. Naavi's approach differed from this approach because he
focussed on what the law said about authentication and non
repudiation and looked for the same in IS implementation.
Also the compliance aspects included by ISO
practitioners revolved around "IPR" and more recently "Privacy"
issues. It addressed software licensing aspects and encryption
for privacy. Similarly, the "People" aspect addressed
"Awareness" and "Training" in information security policy and
Naavi's approach was however much more in depth
since by trying to include compliance of ITA 2008 and other
regulations such as HIPAA (For US oriented Health Care service
providers in India or GGWG (For Bankers in India), DPA (For EU
oriented service providers), he had enlarged the concept of
"Authenticity" and "Non Repudiation" to very high levels. Also
when it came to "People aspect", Naavi insisted on "Motivating"
employees through a structured approach which included building
a "Security Culture" in an organization including
"identification of deviant minds", "Management of human risks".
Hence Naavi's horizon was beyond the usual boundaries of the
Information Assurance concept which may be called the
CIA++ approach which is a five component program including
Authenticity and Non Repudiation to the original CIA concept.
This site therefore calls this approach as the
"Total Information Assurance" (TIA) concept. Presently TIA also
uses the five parameters used in the IA concept but the
treatment of each of the five components is different from the
IS concept (using CIA as components) or the IA concept (using
CIA + Authenticity +Non Repudiation as components).
Information Assurance itself is a new concept for
India and obviously TIA is a more nacent thought. It is however
considered that in due course the IA concept used
internationally will converge into TIA concept used here.
At present, we may recognize that TIA concept is
a basic concept under development and IS professionals, Legal
experts and Psychology specialists may contribute towards
development of this TIA approach into a well rounded augmented
Ujvala Consultants Pvt Ltd, promoted by Naavi is
in the process of development of a framework for implementation
of the TIA concept under an innovative modular approach and will
continue to work in this direction in the coming days. Such work
will also be showcased here. Others can also contribute their
approaches for publication here either as the TIA concept or
within the individual concepts such as Technical, Legal and
Behavioural components. It is understood that the content has to
be aggregated over a period and more the participation of the
public, better it would be for a speedier development of the
Being a leader in Information Technology is only
a starting point. India has to achieve leadership in IS and IA
and towards this direction we need to provide new thoughts. Let
this website provide such thought leadership
November 29, 2012