
Information Assurance Analysts

The Job

The concepts of “information assurance” and “information security” are often used interchangeably, but while workers in these fields share certain skill sets and cooperate in many areas, they are different occupational areas. Information security professionals help organizations develop systems and protocols to avoid cyberattacks, but, most significantly, respond in real time to cyberattacks. On the other hand, information assurance analysts are much more involved in “big picture” thinking than in responding to cyberattacks: they develop risk management assessments of security threats and procedures, strategies to protect data before attacks, and plans to recover data if a cyberattack, natural disaster, or terrorist attack occurs.

Job duties for information assurance analysts can be organized into the areas of planning/assessment, education, and threat response.  

In regard to planning/assessment, analysts analyze the vast range of information (text, audio, videos, etc.) that their organization produces or uses in order to create various levels of protection, ranging from open access to highly classified; assess information system security requirements, functionality, and the effectiveness of security solutions against current and projected threats; and conduct risk assessments of information systems and of data usage, transmission, and processing practices. They also ensure conformity of password policies and security countermeasures; execute various risk management framework methodologies, including the National Institute of Standards and Technology’s cybersecurity framework; prepare disaster recovery plans that provide a guide for recovering data after a natural disaster or terrorist attack; ensure that all equipment and storage devices are properly marked with the appropriate security designation (confidential, secret, top-secret, etc.); conduct periodic reviews to ensure compliance with established policies and procedures; and ensure outmoded information systems are disposed of correctly based on organizational security policies and procedures.

In the area of education, analysts develop and lead training programs that teach employees about their information assurance responsibilities (e.g., what materials may or may not be removed from the work site, rules about using flash drives that contain top-secret information on unclassified computers, etc.).

In response to threats, analysts investigate security incidents and implement protective and corrective measures to reduce incidents and risk; work with team members to remediate and mitigate findings; and respond in real time to cyberattacks (although at many organizations, this is handled by cybersecurity analysts).

Related Professions