Information Assurance Analysts


Exploring this Job

Develop a plan to protect information—be it a database you use to track membership in a school club, a term paper for a history class, or your bank account user name and password. Consider the risks involved during the usage, transmission, and storage of this information, and develop steps to protect it. Talk to office staff or your school’s information technology (IT) director to see what plans are in place to protect information and data systems.

Talk with information assurance analysts about their careers. Your school counselor or computer science teacher can help arrange information interviews.

Read the Information Assurance Handbook: Effective Computer Security and Risk Management Strategies, by Corey Schou and Steven Hernandez, and other books to learn more about the field.

The Job

The concepts of “information assurance” and “information security” are often used interchangeably, but while workers in these fields share certain skill sets and cooperate in many areas, they are different occupational areas. Information security professionals help organizations develop systems and protocols to avoid cyberattacks, but, most significantly, respond in real-time to cyberattacks. On the other hand, information assurance analysts are much more involved in “big picture” thinking—developing risk management assessments of security threats and procedures, strategies to protect data before attacks, and plans to recover data if a cyberattack, natural disaster, or terrorist attack occurs, rather than responding to cyberattacks. 

Job duties for information assurance analysts can be organized into the areas of planning/assessment, education, and threat response.  

In regard to planning/assessment, analysts analyze the vast range of information (text, audio, videos, etc.) that their organization produces or uses to create various levels of protection—ranging from open access to highly classified; assess information system security requirements, functionality, and the effectiveness of security solutions against current and projected threats; and conduct risk assessments of information systems, and data usage, transmission, and processing practices. They also ensure conformity of password policies and security countermeasures; execute various risk management framework methodologies, including the National Institute of Standards and Technology’s cybersecurity framework; prepare disaster recovery plans that provide a guide for recovering data after a natural disaster or terrorist attack; ensure that all equipment and storage devices are properly marked with the appropriate security designation (confidential, secret, top-secret, etc.); conduct periodic reviews to ensure compliance with established policies and procedures; and ensure outmoded information systems are disposed of correctly based on organizational security policies and procedures.

In the area of education, analysts develop and lead training programs that teach employees about their information assurance responsibilities (e.g., what materials may or may not be removed from the work site, rules about using Flash drives that contain top-secret information on unclassified computers, etc.)

In response to threats, analysts investigate security incidents and implement protective and corrective measures to reduce incidents and risk; work with team members to remediate and mitigate findings; and respond in real-time to cyberattacks (although at many organizations, this is handled by cybersecurity analysts).