Accreditation for IA-related Web sites

Opinion
Mar 31, 20093 mins

* How to tell the good information-assurance sites from the bad?

Is there any way that a newcomer to information assurance (IA) can receive guidance on the trustworthiness of information about IA posted on the Web? How is a beginner to know whether the site is well researched or whether it should be used primarily as a source of garden fertilizer?

Is there any way that a newcomer to information assurance (IA) can receive guidance on the trustworthiness of information about IA posted on the Web (4 million hits on Google for “information assurance” and 72 million for “information security”)? How is a beginner to know whether the site is well researched or whether it should be used primarily as a source of garden fertilizer?

To find an example of information I could disagree with, I looked up “information security” in Wikipedia. Here’s a couple of sentences from the introduction:

“The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.”

Perhaps longtime readers will understand how strongly I object to the notion of describing the goals of information security in terms of the classic triad of confidentiality, integrity and availability; newer readers may want to check out my brief summary of the Parkerian Hexad on my Web site in the Overview section. There’s a narrated PowerPoint show there for you.

My new course on “The Politics of Cyberspace” has a number of interesting textbooks; one is “Born Digital: Understanding the First Generation of Digital Natives” by John Palfrey and Urs Gasser. In their discussion of mechanisms for providing indicators of the quality of information posted on the Internet, the authors point out that formal accreditation could provide a stamp of approval by experts to assure naïve users that a Web site offers reliable, well-researched information. They write:

“Among these accreditation and certification programs… is the Accreditation HealthCare Commission (URAC[, originally defined as “Utilization Review Accreditation Commission”]), an independent nonprofit organization that advocates for higher quality health-care information on the Web. So, for instance, if a teenage girl went to www.kidshealth.com, which is accredited by URAC, to learn more about the antihistamines that her physician prescribed, she’d have a better chance of getting more accurate information than if she went to a site that was not accredited, because URAC sets forth rigorous quality and accountability standards for health-care providers.”

I’d like to see an equivalent to URAC for our field. The, say, Information Assurance Website Accreditation Commission (IAWAC) would be funded by fees paid by Web site owners; experts and scholars could contribute their services in return for consulting fees to evaluate the correctness of Web pages submitted for accreditation. The IAWAC would be a self-sustaining non-profit organization; if it became financially successful, perhaps it could establish scholarships for students in university IA programs.

Why are you frowning at me? What did I say wrong?? What???