Instructor Manual
Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to Information Security
Table of Contents
Purpose and Perspective of the Module
Cengage Supplements
Module Objectives
Complete List of Module Activities and Assessments
Key Terms
What's New in This Module
Module Outline
Discussion Questions
Suggested Usage for Lab Activities
Additional Activities and Assignments
Additional Resources
    Cengage Video Resources
    Internet Resources
Appendix
    Grading Rubrics
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Purpose and Perspective of the Module
The first module of the course in information security provides learners with the foundational knowledge to become well versed in the protection that systems of any size need within an organization today. The module begins with fundamental knowledge of what information security is and how computer security evolved into what we now know as information security. Additionally, learners will gain knowledge of how information security can be viewed either as an art or a science and why that is the case.
Cengage Supplements
The following product-level supplements are available in the Instructor Resource Center and provide additional information that may help you in preparing your course:
PowerPoint slides
Test banks, available in Word, as LMS-ready files, and on the Cognero platform
MindTap Educator Guide
Solution and Answer Guide
This instructor's manual
Module Objectives
The following objectives are addressed in this module:
1.1 Define information security.
1.2 Discuss the history of computer security and explain how it evolved into information security.
1.3 Define key terms and critical concepts of information security.
1.4 Describe the information security roles of professionals within an organization.
Complete List of Module Activities and Assessments
For additional guidance refer to the MindTap Educator Guide.

| Module Objective | PPT slide | Activity/Assessment | Duration |
|---|---|---|---|
| | 2 | Icebreaker: Interview Simulation | 10 minutes |
| 1.1–1.2 | 19–20 | Knowledge Check Activity 1 | 2 minutes |
| 1.3 | 34–35 | Knowledge Check Activity 2 | 2 minutes |
| 1.4 | 39–40 | Knowledge Check Activity 3 | 2 minutes |
| 1.1–1.4 | | MindTap Module 01 Review Questions | 30–40 minutes |
| 1.1–1.4 | | MindTap Module 01 Case Exercises | 30 minutes |
| 1.1–1.4 | | MindTap Module 01 Exercises | 10–30 minutes per question; 1+ hour per module |
| 1.1–1.4 | | MindTap Module 01 Security for Life | 1+ hour |
| 1.1–1.4 | | MindTap Module 01 Quiz | 10–15 minutes |
Key Terms
In order of use:
computer security: In the early days of computers, this term specified the protection of the physical location and assets associated with computer technology from outside threats, but it later came to represent all actions taken to protect computer systems from losses.
security: A state of being secure and free from danger or harm as well as the actions taken to make someone or something secure.
information security: Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
network security: A subset of communications security; the protection of voice and data networking components, connections, and content.
C.I.A. triad: The industry standard for computer security since the development of the mainframe; the standard is based on three characteristics that describe the attributes of information that are important to protect: confidentiality, integrity, and availability.
confidentiality: An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
personally identifiable information (PII): Information about a person's history, background, and attributes that can be used to commit identity theft that typically includes a person's name, address, Social Security number, family information, employment history, and financial information.
integrity: An attribute of information that describes how data is whole, complete, and uncorrupted.
availability: An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
accuracy: An attribute of information that describes how data is free of errors and has the value that the user expects.
authenticity: An attribute of information that describes how data is genuine or original rather than reproduced or fabricated.
utility: An attribute of information that describes how data has value or usefulness for an end purpose.
possession: An attribute of information that describes how the data's ownership or control is legitimate or authorized.
McCumber Cube: A graphical representation of the architectural approach used in computer and information security that is commonly shown as a cube composed of 3×3×3 cells, similar to a Rubik's Cube.
information system: The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization.
physical security: The protection of material items, objects, or areas from unauthorized access and misuse.
bottom-up approach: A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
top-down approach: A methodology of establishing security policies and/or practices that is initiated by upper management.
chief information officer (CIO): An executive-level position that oversees the organization's computing technology and strives to create efficiency in the processing and access of the organization's information.
chief information security officer (CISO): The title typically assigned to the top information security manager in an organization.
data owners: Individuals who control and are therefore ultimately responsible for the security and use of a particular set of information.
data custodians: Individuals who are responsible for the storage, maintenance, and protection of information.
data stewards: See data custodians.
data trustees: Individuals who are assigned the task of managing a particular set of information and coordinating its protection, storage, and use.
data users: Internal and external stakeholders (customers, suppliers, and employees) who interact with information in support of their organization's planning and operations.
community of interest: A group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
What's New in This Module
The following elements are improvements in this module from the previous edition:
This Module was Chapter 1 in the 6th edition.
The content that covered Systems Development was moved to Module 11: Implementation.
The Module was given a general update and given more current examples.
Module Outline
Introduction to Information Security (1.1, 1.2, PPT Slides 4–17)
I. Recognize that organizations, regardless of their size or purpose, have information they must protect and store internally and externally.
II. Analyze the importance of, and the reasoning for, an organization being responsible for the information it collects, stores, and uses.
III. Review the concept of computer security and when the need for it initially arose.