Talk:Information assurance/Archives/2012

Ch-ch-ch-anges
There's been a lot of them. And it looks like some IA practioners have been updating the article. How about adding the ALE SLE ARO formula? Luis F. Gonzalez 23:15, 2 November 2006 (UTC)

Parkerian Hexad
The whole inclusion of this fringe idea feels more like graffiti then anything. While Donn B. Parker fervently believes this to be better then the CIA triad, this is not a widely held belief in the IA community. There are about 3000 Google hits on this "widely" accepted alternative - randomly pounding on a keyboard generally generates a significantly greater number of hits. Moreover, these references in google all appear to be user editable wiki sorts of things.

It should be removed. —Preceding unsigned comment added by 72.196.28.74 (talk) 22:52, 10 August 2010 (UTC)


 * I think references to the Parkerian Hexad should be removed from the lead section, to be sure, along with the descriptions of the two other information assurance models. Such detailed descriptions do not belong in a lead section, and should be moved to the body of the article. I think the Parkerian Hexad is still worth mentioning, as the concepts of utility, possession & control, and availability (especially) are of concern to information assurance practitioners. Doing so might best be handled by thoroughly describing the C-I-A model in a section on Information Assurance Models, then adding the extra Parkerian elements of availabiltiy, possession & control, and utility in a subsequent section. Using this scheme, C-I-A would be a large section, the Five Pillars its own, and the Parkerian Hexad a small section fleshing out the Hexad's additions to the C-I-A triad. -- Darmokandjalad (talk) 20:23, 20 December 2011 (UTC)

Added header back
The IA Asset header was removed for some reason. Luis F. Gonzalez 01:55, 16 December 2006 (UTC)

The link to "integrity" should link to "data integrity" instead. I am not sure how to make that edit.

Really, this reads like modern marketing propaganda in some sections
Honestly, we know how to do high assurance information systems, just internal fighting killed off most of them, and some of the others lack demand to continue to innovate. There is no mention of TCSEC, old though it may be, it DID work, and I can think of nothing that the Common Criteria does to provide true assurance (only a best-practices, and often only protecting a specific application, ignoring the underlying OS threats, the hardware risks, etc.)

I am tempted to rewrite or at least add some historical perspective to this document. Section9 Bateau (talk) 12:51, 8 July 2010 (UTC)

Professionalism section and Template_talk:Computer_Security_Certifications
There is a debate about the difference between Computer Security, Information Security and Information Assurance; see Information Assurance top for a short explanation.

I think that most certification listed are about Information Assurance and Information Security: look at the certification names.

Computer Security is a more used but limited term.

Information Security is a wider term than Computer security: I proposed to change (at least in the first line of the navbox) the name of this template. Moving the template to a new name "Information Security Certifications" would be better. I do not know if redirect work for transclusions, otherwise we have to change (eventually by a bot) all the references.

I have noticed that not every certification listed in the template transclude the template itself.

According to my opinion at least an article should transclude this template. I saw that Computer security and Computer insecurity do not have a certification/professionalism sections

Information assurance have sections about certifications and I recently have worked on Information security.

I think the best solution is to write a new article perhaps Information security certification, moving the current versions of the above mentioned sections dealing with certification and inserting a  in the articles. Eventually in this new article we can try to categorize the different certifications

I will post a similar sections in the cited articles. I suggest that your welcome comments to be posted in Template_talk:Computer_Security_Certifications

--Pastore Italy (talk) 12:08, 17 December 2010 (UTC)

Integrity/Authenticity
The Integrity and Authenticity sections appear to say the same thing. Is there any difference (other than sourrce) between them? Or should they be combined? 214.4.238.180 (talk) 14:20, 10 May 2011 (UTC)

A knight protecting the earth?
The image http://en.wikipedia.org/wiki/File:Information_Assurance.png looks quite silly, is it really used by the U.S. government?


 * Agreed. I intend to clean up the article's citations (and lack thereof) shortly and will attempt to learn whether this ridiculous emblem is actually used. So far, I've only found it on an obscure page on the website of a single U.S. Air Force base (Schriever). -- Darmokandjalad (talk) 19:56, 20 December 2011 (UTC)

Candidate for Semi-Protection?
Reviewing this article's revision history, it's clear that it's seen a great many revisions from unregistered users. Might this be contributing to the sorry state of the article? If so, should we request the article be placed under semi-protection? I'm still new to Wikipedia policy, so I wanted to check this talk page before submitting a request to Requests for Page Protection. Thoughts? -- Darmokandjalad (talk) 20:06, 20 December 2011 (UTC)

References / External Links / Documentation Mess
As mentioned above, I'm trying to clean up the citations in this article. There are at present three "References" sections, one of which is embedded in the middle of the article. An "External Links" section lists the URLs of organizations not mentioned in the body of the article, which I think is poor form. Finally, the "Documentation" section needs to go, I think, as any documents being used as reference material in the body should be listed in the "References" section, and any not used to support the article shouldn't be listed. In keeping with Wikipedia's "Be Bold!" mantra, I'm going to go ahead and start re-arranging large swathes of references before hunkering down to insert citations. -- Darmokandjalad (talk) 20:33, 20 December 2011 (UTC)

Content Reduction
After reviewing this article, it seems that most of the concepts we're attempting to cover here are already treated in information security. I move that we remove reference to the IA concepts sections (C-I-A triad, the Five Pillars, Parkerian hexad, etc.) and focus on how IA is distinct from information security. This would probably see us reducing the article to the discussion of IA's focus on risk management, information security program management, and regulatory and standards compliance. Thoughts? -- Darmokandjalad (talk) 05:57, 8 January 2012 (UTC)


 * Went ahead and reduced content duplicative of that in the article on Information Security, namely, the section Basic Principles. I edited the remaining copy to hone in on IA's distinctive focus on risk management and regulatory compliance. I will continue editing the article for clarity and proper citation. Darmokandjalad (talk) 05:24, 9 January 2012 (UTC)