Friday, 17 February 2012

Information Assurance

Information assurance (IA) is the protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network. For e-commerce to be secure, information assurance should ensure the confidentiality, integrity and availability of information. Confidentiality means that private information should be encrypted so that only the person it is intended for can read it. Integrity means that the information should be kept accurate without being altered. Lastly, availability means that the data, website or other EC information should be timely, reliable and restricted to authorized users.

For EC data to have confidentiality, integrity and availability, it must also rely on authentication, which is the process of verifying the real identity of an entity such as a person, computer or website. Authentication verifies that the entity is who it claims to be. After the entity is authenticated, it also needs to be authorized. Authorization is the process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform. There is also nonrepudiation, which is the process that assures that online customers or trading partners cannot falsely deny their purchase or transaction.

Authentication and nonrepudiation are defenses against phishing and identity theft. To ensure trust in EC transactions, digital signatures or digital certificates are used to validate the sender and time stamp of the transaction so that later it cannot be claimed that the transaction was unauthorized or invalid. 
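
The signature check described above, as an added example that is not part of the original post: an order record and its time stamp are signed with the sender's private key (Ed25519 from Go's standard library), and the same signature is then rejected for an altered amount, an altered time stamp, or a different public key. The Order fields and sample values are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Order is a constructed sample transaction; the field names are assumptions.
type Order struct {
	Customer  string `json:"customer"`
	Item      string `json:"item"`
	AmountUSD int    `json:"amount_usd"`
	Timestamp string `json:"timestamp"` // signed together with the other fields
}

// SignOrder serialises the order and signs the bytes with the sender's private key.
func SignOrder(priv ed25519.PrivateKey, o Order) (msg, sig []byte) {
	msg, _ = json.Marshal(o) // cannot fail for this plain struct
	return msg, ed25519.Sign(priv, msg)
}

// VerifyOrder accepts msg only if sig was produced over exactly these bytes
// by the holder of the private key that matches pub.
func VerifyOrder(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Result records which of the four checks in Demo were accepted.
type Result struct{ Genuine, AlteredAmount, AlteredTime, WrongKey bool }

// Demo signs one order, then replays the signature against altered copies.
func Demo() Result {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	otherPub, _, _ := ed25519.GenerateKey(nil)
	o := Order{"alice", "book", 49, "2012-02-17T10:00:00Z"} // constructed sample
	msg, sig := SignOrder(priv, o)
	cheaper, later := o, o
	cheaper.AmountUSD, later.Timestamp = 1, "2012-03-01T10:00:00Z"
	cheapMsg, _ := json.Marshal(cheaper)
	lateMsg, _ := json.Marshal(later)
	return Result{
		Genuine:       VerifyOrder(pub, msg, sig),
		AlteredAmount: VerifyOrder(pub, cheapMsg, sig),
		AlteredTime:   VerifyOrder(pub, lateMsg, sig),
		WrongKey:      VerifyOrder(otherPub, msg, sig),
	}
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

In practice the public key would be bound to the sender's identity by a digital certificate; here it is passed to the verifier directly.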
