
Principles and Practice


Johnston and Warkentin (2010) define information assurance (IA) as the “practice of ensuring that information within an organization is kept secure, reliable and private” (p.12). Johnston and Warkentin (2010) regard information assurance as a practice that provides organizational managers with the direction and security mechanisms for keeping information assets secure from various threats and aligning them with organizational mission, goals, and objectives.


According to Raval and Fichadia (2007) and Stallings and Brown (2011), IA is the practice of managing risks when transmitting, storing, and processing data so that the confidentiality, integrity, and availability (CIA) of information are enforced.

Information assurance policy

To ensure CIA, the general, system, and issue-specific information assurance policies provide rules and directions for securing information assets against the risk of internal and external threats. The policy statement requires that all policies and procedures be read and understood by those responsible for handling information assets (Stallings & Brown, 2011).

The scope of the policy covers confidentiality, availability, and integrity issues and ensures that risk management practices are implemented (Johnston & Warkentin, 2010). The policy defines the information owner, custodian, user, and emergency access to information (Posthumus & Von Solms, 2004).

How to achieve goals, mission, and objectives

Johnston and Warkentin (2010) emphasize that the goals, objectives, and the mission of an organization can be achieved at operational-tactical, strategic and organizational levels through asset identification, risk assessment, and by implementing a security discipline and ethical conduct within the organization.

The underlying principles that organizations can factor into their IA processes to succeed in securing information assets include putting in place compliance measures, effective access controls, business continuity, asset management processes, and personnel security (Posthumus & Von Solms, 2004).

Facility management practices for threat protection

Organizations can manage the security of their facilities through the right coordination of space, people, organization, and infrastructure based on a classification of an effective information asset (Stallings & Brown, 2011). A secure environment consists of people, processes, and technology and is achieved by putting in place security audits of security practices against anticipated and unanticipated threats (Johnston & Warkentin, 2010).


Such an audit involves conducting a series of inspections, interviews, and documentary reviews against existing standards that are based on a crime prevention policy (Posthumus & Von Solms, 2004). The key elements organizations put in place to protect information assets against threats include the use of quality locks and restricting access to organizational assets.

Security audits should focus on system management, internal security, perimeter protection, and emergency management. Security cameras, changes to door hardware, improved lighting, and initiating security controls provide organizations with the ability to counter threats (Stallings & Brown, 2011).

Applying information assurance concepts and basic security concepts

The information assurance concepts that can be applied to ensure that information is kept secure include confidentiality, integrity, and availability (CIA). Johnston and Warkentin (2010) argue that information integrity can be applied to ensure that information is kept secure by using digital signatures and encrypting data in transmission or at rest so that information is not modified by unauthorized persons.

According to Johnston and Warkentin (2010), availability guarantees legitimate users information access when required. Accuracy, non-repudiation, and authentication enable users to verify the accuracy of the information and confirm that the claims made by parties exchanging information are accurate.


Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 40-45.

Posthumus, S., & Von Solms, R. (2004). A framework for the governance of information security. Computers & Security, 23(8), 638-646.

Raval, V., & Fichadia, A. (2007). Risks, controls, and security: Concepts and applications. Hoboken, New Jersey: John Wiley & Sons.


Stallings, W., & Brown, L. (2011). Computer security: Principles and practice. Upper Saddle River, New Jersey: Prentice Hall.


StudyCorgi. (2020, April 2). Principles and Practice. Retrieved from


This paper was written and submitted to our database by a student to assist you with your own studies. You are free to use it to write your own assignment; however, you must reference it properly.