Information Assurance (IA) is the correct term that encompasses the five pillars listed in the question. IA is formally defined as the set of measures intended to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of information systems by incorporating protection, detection, and reaction capabilities. While often used interchangeably with Information Security, IA represents a broader, more comprehensive scope that explicitly includes the principles of authentication and non-repudiation in addition to the traditional Confidentiality, Integrity, and Availability (CIA) triad.

A. Information Systems Security Engineering (ISSE): This is a process or discipline that applies scientific and engineering principles to develop secure systems; it is the "how-to" of building security in, not the overarching protective concept itself.

B. Information Protection Policy (IPP): This is a specific administrative control—a set of rules and procedures—that governs the protection of information. It is a component of an IA program, not the program itself.

C. Information systems security (InfoSec): This term is more narrowly focused, traditionally on the "CIA triad" (Confidentiality, Integrity, and Availability). IA is a broader term that explicitly adds authentication and non-repudiation to the core principles.

---

1. Committee on National Security Systems (CNSS). (2015). National Information Assurance Glossary

CNSS Instruction No. 4009. Page 35. This official document defines Information Assurance (IA) as: "Measures that protect and defend information and information systems by ensuring their availability

integrity

authentication

confidentiality

and non-repudiation." This definition directly matches the question's wording.

2. National Institute of Standards and Technology (NIST). (2018). Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. NIST Special Publication 800-160 Volume 1. Page 11

Section 2.2. This publication defines Systems Security Engineering (ISSE is a sub-discipline) as a "specialty engineering discipline... that applies... information assurance principles

" confirming that ISSE is a process that uses IA principles

rather than being the concept itself.

3. Solms

R. V.

& Van Niekerk

J. (2013). From information security to cyber security. Computers & Security

38

97-102. https://doi.org/10.1016/j.cose.2013.04.004. This peer-reviewed article discusses the evolution of terminology

noting that Information Assurance extends the traditional Information Security model to include properties like authenticity and non-repudiation

which are critical for trust in electronic transactions.

4. George Mason University. (n.d.). CYSE 230: Introduction to Network Security Course Syllabus. Volgenau School of Engineering. The course description distinguishes between Information Security (focusing on the CIA triad) and Information Assurance (a broader field including authentication

non-repudiation

and risk management)

which is a common distinction in academic curricula.