Information Assurance Analysts

The Job

The terms “information assurance” and “information security” are often used interchangeably, but while workers in these fields share certain skill sets and cooperate in many areas, they are different occupational areas. Information security professionals help organizations develop systems and protocols to avoid cyberattacks and, most significantly, respond in real time to cyberattacks. Information assurance analysts, on the other hand, are much more involved in “big picture” thinking: rather than responding to cyberattacks, they develop risk management assessments of security threats and procedures, strategies to protect data before attacks, and plans to recover data if a cyberattack, natural disaster, or terrorist attack occurs. Job duties for information assurance analysts vary by employer, but most have the following responsibilities:

  • analyze the vast range of information (text, audio, videos, etc.) that their organization produces or uses to create various levels of protection—ranging from open access to highly classified
  • assess information system security requirements, functionality, and the effectiveness of security solutions against current and projected threats
  • conduct risk assessments of information systems, and data usage, transmission, and processing practices
  • develop training programs that teach employees about their information assurance responsibilities (e.g., what materials may or may not be removed from the work site, or rules about using flash drives that contain top-secret information on unclassified computers)
  • ensure conformity of password policies and security countermeasures
  • investigate security incidents and implement protective and corrective measures to reduce incidents and risk
  • execute various risk management framework methodologies, including the National Institute of Standards and Technology’s cybersecurity framework
  • work with team members to remediate and mitigate findings
  • prepare disaster recovery plans that provide a guide for recovering data after a natural disaster or terrorist attack
  • ensure that all equipment and storage devices are properly marked with the appropriate security designation (confidential, secret, top-secret, etc.)
  • conduct periodic reviews to ensure compliance with established policies and procedures
  • ensure outmoded information systems are disposed of correctly based on organizational security policies and procedures
  • respond in real time to cyberattacks (although at many organizations, this is handled by cybersecurity analysts)