When you first hear the term information assurance you tend to conjure up an image of a balanced set of reasonable measures that have been taken to protect the information after an assessment has been made of risks that are posed to it. In truth, this is the Holy Grail that all organisations that value their information should strive to achieve, but which few even understand. Information assurance is a term that has recently come into common use. When talking with old timers in IT (or at least those that are over 35-year old), you will hear them talking about information security, a term that has survived since the birth of the computer. In the recent past, the term information warfare was coined to describe the measures that need to be taken to defend and attack information. This term, however, has military connotations ? after all, warfare is normally their domain. Shortly after the term came into regular use, it was applied to a variety of situations encapsulated by Winn Schwartau as the f- lowing three classes of information warfare: Class 1: Personal information warfare Class 2: Corporate information warfare Class 3: Global information warfare Political sensitivities lead to ?warfare? being replaced by the ?operations?, a much more ?politically correct? word. Unfortunately, ?operations? also has an offensive connotation and is still the terminology of the military and gove- ments.