Information Assurance is more than just simply protecting the information. It is about properly identifying and classifying information.
Knowing the information is the key. If you don’t know the information you cannot properly classify it. I know of a company that lost a multi-million $ contract due to not knowing the information. Which… because they did not know it, misclassified the information resulting in a loss of Information Assurance.
In addition to loosing the contract, the company will likely have to spend several thousand dollars to have their computers scrubbed to remove the classified information from their computer systems not authorized to process that data.
No your information!
Think twice and perform a cyber 360.