Information Assurance with Special Reference to the Security Content Automation Protocol (SCAP) — An Overview

Information Assurance, in short, is called as IA. This is responsible for securing information systems and computing. The term holds the highest degree of security related affairs. In generally Computer Security considered as a branch and area of security but now apart from this, Information Security, IT Security, and Information Assurance considered as important. And among these, security related domain Information Assurance treated as broader and interdisciplinary. Moreover, this Information Assurance holds all the areas and dealing of IT Security and Information Security but additionally, it is responsible for the designing, development of policies, regulation and guidelines of security related projects /proposal, etc. And among the administrative and protocol related affairs Security Content Automation Protocol treated as important. In short, it is called as SCAP. It is a kind of method for using specific standards for the purpose of enabling vulnerability management systems in an automated way for the measurement as well as policy compliance assessment regarding the systems inbuilt in a company or institutions; that may include IT company or may not be. This is a conceptual paper, initially, it has discussed with the areas of Information Assurance but gradually it has described about the Security Content Automation Protocol; including its aim and objectives, versions, etc. paper mentioned all the areas in short and simple sense.


INTRODUCTION :
Information Assurance in short called as IA. This is a major name in Information Science and Computing as far as Security and allied technologies are concerned. Information Assurance is a broad field and containing all the areas of security viz. IT Security, Information Security, and sub areas viz. Network Security, Web Security, Database Security etc. It is important to note that, while other security fields are concerned about the technologies and technicalities, Information Assurance is additionally focused with managerial, social and legal areas of security. And that includes about the tools, products, rules and framework etc [1], [12]. In Information Assurance, content play a major role and as far as various and noted protocol is concerned among them one important is Security Content Automation Protocol (SCAP). The SCAP is required for the automated vulnerability measurement, policies etc. OpenSCAP is a kind of example of open marketable method. NIST stated SCAP as "…a suite of specifications that standardize the format and nomenclature by which security software products communicate software flaw and security configuration information". The SCAP is basically consist with two major element first one is protocol and second one is Software flaw. It is important to note that, various security activities as well as disciplines is able to get benefit from standardized expression including reporting and in this regard SCAP is important one [5], [7], [12].
This current paper is theoretical in nature and basic type. It is provided bellow an overview on Information Assurance but with additional focus on Security Content Automation Protocol (SCAP) viz.- To know about the basics of Information Assurance and its nature or characteristics in simple sense.  To learn about the importance, function and role of Information Assurance in current age of security systems.  To learn about the basics of SCAP i.e. Security Content Automation Protocol including its basic need and aim.  To learn about the basics of SCAP i.e. Security Content Automation Protocol with reference to the components and other related affairs.  To know about the increasing importance of Security Content Automation Protocol (SCAP) in automated information security etc.

INFORMATION ASSURANCE: THE WAY :
Information Assurance is a broader field within security related areas and there are different areas within this viz. IT Security, Information Security, Computer Security and Cyber Security as it is deals with following features, functions and aims- Information Assurance is dedicated to information solutions of security related affairs viz. IT Security, Information Security etc.  Information Assurance is also care about the manual as well as technological securities.  The policies, framework, guidelines of security related services and products are the jurisdiction of the field Information Assurance.  Information Assurance is cares about manual content security as well as privacy related issues and this is increasing day by day.  Information Assurance today not only a way for the security management but also become a field of study and the field/ term/ applications growing internationally [12], [22].  Evaluation of systems [2], [3], [4] The Security Content Automation Protocol in short SCAP basically pronounced as S (ESS) CAP. And sometime individually as S.C.A.P. The NIST definition we already learned it is worthy to note that, according to the NIST guidelines three major ways of maintaining security of the organizations are includes-1. Verifying as well as installation of the patches, automatically. 2. Checking and continuing configuration of the system security.

SECURITY CONTENT AUTOMATION PROTOCOL AND FEW CONCERNS :
The NVD i.e. National Vulnerability Database is established in United States and responsible to content and data repository for the SCAP. Security Content Automation Protocol (SCAP) is responsible for the following- Organizing  Expressing  Measuring Security information having automated approach for security management of the entire enterprise systems. OpenSCAP is a kind of example of open marketable method. FDCC i.e. Federal Desktop Core Configurations well as United States Government Configuration Baseline initiative i.e. USGCB i.e., it was evolved from the Federal Desktop Core Configuration authorized as well as mandate the requirements of the SCAP/ Security Content Automation Protocol [8], [11].
The SCAP or Security Content Automation Protocol required for the purpose of guard against security threats of the institutions, organizations etc for continuous monitoring to the computer systems; it includes the applications they have deployed, upgrade to configurations. It is worthy to note that, various open standards which are applicable to enumerate software flaws including configuration issues related to security fall under the SCAP. Some of the applications which is required to conduct security monitoring as well as measuring vulnerabilities basically comes under the SCAP i.e. Security Content Automation Protocol (Refer Fig: 1 & Fig: 2 for further).

SCAP COMPONENTS:
Security Content Automation Protocol has two major concern/ elements and among these few important are- First, it is a protocol (It is a kind of four open specifications which is dedicated to the standardize the format as well as nomenclature and specification; and each is known as SCAP Specification.  Second, Security Content Automation Protocol is also about the software flaw as well as few security configuration standard reference data, and this is also referred as SCAP content [13], [14], [15]. The following table (table 1) shows the Security Content Automation Protocol Version and components herewith.

SCAP CHECKLISTS :
Security Content Automation Protocol (SCAP) checklist is responsible for the automation ad also the linkage between the configuration of the computer security and with SP 800-53 framework. Running Security Content Automation Protocol (SCAP) version is dedicated to the initial measurement and also continuous monitoring [4], [16], [17]. Additionally, this way, Security Content Automation Protocol (SCAP) is dedicated to the implementation, evaluation as well as monitoring steps of the NIST Risk Management Framework. And here SCAP Validation Program is responsible for checking the ability of products to employ SCAP standards [18], [19]. It is also important to note that Community participation is required for healthy Security Content Automation Protocol (SCAP) implementation. It is important to note that security automation agenda of the NIST is currently broader and weakness management application.

CONCLUSION :
The world is changing rapidly, security is an important concern as far as Information Technology and Computing field. Privacy is very important concern in various respects. Information Assurance is a great name in respect of combining both. Additionally, Information Assurance is also responsible for the managing manual contents and it deals managerial affairs leading to rules, regulation, framework etc [12], [20], [21]. Hence as far as SCAP is concerned it is needed for better and healthy security policies designing and development. Every big organizations these days are using IT products and services and it is important if they are interested to employ SCAP for further enhancement.