Information assurance is a guideline for planning, implementing, and assessing a secure IT infrastructure. This chapter examined several models, including the C-I-A triad, five pillars of IA, and Parkerian hexad. An organization should choose the one that most accurately reflects its IA requirements.
Ideally, every component of infrastructure should be evaluated for its contribution to information assurance on critical resources. Staff members, both technical and nontechnical, should participate in regular training on information assurance concepts so they are aware of the security implications of their decisions and are able to recognize important anomalies when they occur. When security incidents do occur, careful analysis and cross-referencing of various audit logs provides key information about the incident. This information is a valuable resource for preventing similar breaches in the future.