c
Instructor Manual
c cc
Principles of Information Security, 7th E
c c c cc c
dition by Michael E. Whitman
c c c c c
c
,c
Instructor Manual c c
WhitmancandcMattord,cPrinciplescofcInformationcSecurityc7e,cISBNc978-0-357-50643-
1;cModulec1:cIntroductionctocInformationcSecurityc
c
Table of Contents
c c c
PurposecandcPerspectivecofcthecModule ...................................................................................... 2
CengagecSupplements ............................................................................................................... 2
ModulecObjectives ...................................................................................................................... 3
CompletecListcofcModulecActivitiescandcAssessments .................................................................. 3
KeycTerms .................................................................................................................................. 3
What'scNewcincThiscModule ......................................................................................................... 5
ModulecOutline............................................................................................................................ 5
DiscussioncQuestions ............................................................................................................... 16
SuggestedcUsagecforcLabcActivities ........................................................................................... 16
AdditionalcActivitiescandcAssignments ....................................................................................... 18
AdditionalcResources ................................................................................................................ 18
CengagecVideocResources ....................................................................................................................... 18
InternetcResources .................................................................................................................................. 18
Appendix .................................................................................................................................. 19
GradingcRubrics ....................................................................................................................................... 19
c
Purpose and Perspective of the Module
c c c c c c
Thecfirstcmodulecofctheccoursecincinformationcsecuritycprovidesclearnerscthecfoundationalcknowled
gectocbecomecwellcversedcincthecprotectioncsystemscofcanycsizecneedcwithincancorganizationctoday.
cThecmodulecbeginscwithcfundamentalcknowledgecofcwhatcinformationcsecurityciscandcthechowccom
putercsecuritycevolvedcintocwhatcwecknowcnowcascinformationcsecurityctoday.cAdditionally,clearner
scwillcgaincknowledgeconcthechowcinformationcsecurityccancbecviewedceithercascancartcorcacsciencec
andcwhycthatcisctheccase.c
c
Cengage Supplements c c
Thecfollowingcproduct-
levelcsupplementscarecavailablecincthecInstructorcResourcecCentercandcprovidecadditionalcinformat
ioncthatcmaychelpcyoucincpreparingcyourccourse:c
• PowerPointcslidesc
• Testcbanks,cavailablecincWord,cascLMS-readycfiles,candconcthecCognerocplatformc
• MindTapcEducatorcGuidec
, • SolutioncandcAnswercGuidec
• Thiscinstructor‘scmanualc
c
Module Objectives c c
Thecfollowingcobjectivescarecaddressedcincthiscmodule:c
1.1c Definecinformationcsecurity.c
1.2c
Discusscthechistorycofccomputercsecuritycandcexplainchowcitcevolvedcintocinformationcsec
urity.c
1.3c Defineckeyctermscandccriticalcconceptscofcinformationcsecurity.c
1.4c Describecthecinformationcsecuritycrolescofcprofessionalscwithincancorganization.c
c
Complete List of Module Activities and Assessments
c c c c c c c
ForcadditionalcguidancecreferctocthecMindTapcEducatorcGuide.c
c
PPTcslidec Activity/Assessmentc Durationc
ModulecObjectivec
c
2c Icebreaker:cInterviewcSimulationc 10cminutesc
1.1–1.2c 19–20c KnowledgecCheckcActivityc1c 2cminutesc
1.3c 34–35c KnowledgecCheckcActivityc2c 2cminutesc
1.4c 39–40c KnowledgecCheckcActivityc3c 2cminutesc
1.1–1.4c MindTapc Modulec01cReviewcQuestionsc 30–40cminutesc
1.1c–c1.4c MindTapc Modulec01cCasecExercisesc 30cminutesc
1.1c–c1.4c MindTapc Modulec01cExercisesc 10–
30cminutescpercquestion;c1+chourcper
1.1c–c1.4c MindTapc Modulec01cSecuritycforcLifec 1+chourc
1.1c–c1.4c MindTapc Modulec01cQuizc 10–15cminutesc
[returnctoctop]c
Key Terms c c
Incordercofcuse:c
computercsecurity:cIncthecearlycdayscofccomputers,cthisctermcspecifiedcthecprotectioncofcthecphysi
calclocationcandcassetscassociatedcwithccomputerctechnologycfromcoutsidecthreats,cbutcitclaterccam
ectocrepresentcallcactionsctakenctocprotectccomputercsystemscfromclosses.c
security:cAcstatecofcbeingcsecurecandcfreecfromcdangercorcharmcascwellcascthecactionsctakenctocma
kecsomeonecorcsomethingcsecure.c
informationcsecurity:cProtectioncofcthecconfidentiality,cintegrity,candcavailabilitycofcinformationcas
sets,cwhethercincstorage,cprocessing,corctransmission,cviacthecapplicationcofcpolicy,ceducation,ctrai
ningcandcawareness,candctechnology.c
networkcsecurity:cAcsubsetcofccommunicationscsecurity;cthecprotectioncofcvoicecandcdatacnetwor
kingccomponents,cconnections,candccontent.c
, C.I.A.ctriad:cThecindustrycstandardcforccomputercsecuritycsincecthecdevelopmentcofcthecmainframe
;cthecstandardciscbasedconcthreeccharacteristicscthatcdescribecthecattributescofcinformationcthatcarec
importantctocprotect:cconfidentiality,cintegrity,candcavailability.c
confidentiality:cAncattributecofcinformationcthatcdescribeschowcdataciscprotectedcfromcdisclosureco
rcexposurectocunauthorizedcindividualscorcsystems.c
personallycidentifiablecinformationc(PII):cInformationcaboutcacperson‘schistory,cbackground,can
dcattributescthatccancbecusedctoccommitcidentityctheftcthatctypicallycincludescacperson‘scname,caddr
ess,cSocialcSecuritycnumber,cfamilycinformation,cemploymentchistory,candcfinancialcinformation.c
integrity:cAncattributecofcinformationcthatcdescribeschowcdataciscwhole,ccomplete,candcuncorrupte
d.c
availability:cAncattributecofcinformationcthatcdescribeschowcdataciscaccessiblecandccorrectlycforma
ttedcforcusecwithoutcinterferencecorcobstruction.c
accuracy:cAncattributecofcinformationcthatcdescribeschowcdataciscfreecofcerrorscandchascthecvaluect
hatcthecusercexpects.c
authenticity:cAncattributecofcinformationcthatcdescribeschowcdataciscgenuinecorcoriginalcratherctha
ncreproducedcorcfabricated.c
utility:cAncattributecofcinformationcthatcdescribeschowcdatachascvaluecorcusefulnesscforcancendcpur
pose.c
possession:cAncattributecofcinformationcthatcdescribeschowcthecdata‘scownershipcorccontrolcisclegi
timatecorcauthorized.c
McCumbercCube:cAcgraphicalcrepresentationcofcthecarchitecturalcapproachcusedcinccomputerca
ndcinformationcsecuritycthatcisccommonlycshowncascaccubeccomposedcofc3×3×3ccells,csimilarctoca
cRubik‘scCube.c
informationcsystem:cThecentirecsetcofcsoftware,chardware,cdata,cpeople,cprocedures,candcnetwor
kscthatcenablecthecusecofcinformationcresourcescincthecorganization.c
physicalcsecurity:cThecprotectioncofcmaterialcitems,cobjects,corcareascfromcunauthorizedcaccessc
andcmisuse.c
bottom-
upcapproach:cAcmethodcofcestablishingcsecuritycpoliciescand/orcpracticescthatcbeginscascacgrassr
ootsceffortcincwhichcsystemscadministratorscattemptctocimprovecthecsecuritycofctheircsystems.c
top-
upcapproach:cAcmethodologycofcestablishingcsecuritycpoliciescand/orcpracticescthatciscinitiatedcbyc
uppercmanagement.c
chiefcinformationcofficerc(CIO):cAncexecutive-
levelcpositioncthatcoverseescthecorganization‘sccomputingctechnologycandcstrivesctoccreateceffi
ciencycincthecprocessingcandcaccesscofcthecorganization‘scinformation.c
chiefcinformationcsecuritycofficerc(CISO):cThectitlectypicallycassignedctocthectopcinformationcsec
uritycmanagercincancorganization.c
datacowners:cIndividualscwhoccontrolcandcarecthereforecultimatelycresponsiblecforcthecsecuritycan
dcusecofcacparticularcsetcofcinformation.c
Instructor Manual
c cc
Principles of Information Security, 7th E
c c c cc c
dition by Michael E. Whitman
c c c c c
c
,c
Instructor Manual c c
WhitmancandcMattord,cPrinciplescofcInformationcSecurityc7e,cISBNc978-0-357-50643-
1;cModulec1:cIntroductionctocInformationcSecurityc
c
Table of Contents
c c c
PurposecandcPerspectivecofcthecModule ...................................................................................... 2
CengagecSupplements ............................................................................................................... 2
ModulecObjectives ...................................................................................................................... 3
CompletecListcofcModulecActivitiescandcAssessments .................................................................. 3
KeycTerms .................................................................................................................................. 3
What'scNewcincThiscModule ......................................................................................................... 5
ModulecOutline............................................................................................................................ 5
DiscussioncQuestions ............................................................................................................... 16
SuggestedcUsagecforcLabcActivities ........................................................................................... 16
AdditionalcActivitiescandcAssignments ....................................................................................... 18
AdditionalcResources ................................................................................................................ 18
CengagecVideocResources ....................................................................................................................... 18
InternetcResources .................................................................................................................................. 18
Appendix .................................................................................................................................. 19
GradingcRubrics ....................................................................................................................................... 19
c
Purpose and Perspective of the Module
c c c c c c
Thecfirstcmodulecofctheccoursecincinformationcsecuritycprovidesclearnerscthecfoundationalcknowled
gectocbecomecwellcversedcincthecprotectioncsystemscofcanycsizecneedcwithincancorganizationctoday.
cThecmodulecbeginscwithcfundamentalcknowledgecofcwhatcinformationcsecurityciscandcthechowccom
putercsecuritycevolvedcintocwhatcwecknowcnowcascinformationcsecurityctoday.cAdditionally,clearner
scwillcgaincknowledgeconcthechowcinformationcsecurityccancbecviewedceithercascancartcorcacsciencec
andcwhycthatcisctheccase.c
c
Cengage Supplements c c
Thecfollowingcproduct-
levelcsupplementscarecavailablecincthecInstructorcResourcecCentercandcprovidecadditionalcinformat
ioncthatcmaychelpcyoucincpreparingcyourccourse:c
• PowerPointcslidesc
• Testcbanks,cavailablecincWord,cascLMS-readycfiles,candconcthecCognerocplatformc
• MindTapcEducatorcGuidec
, • SolutioncandcAnswercGuidec
• Thiscinstructor‘scmanualc
c
Module Objectives c c
Thecfollowingcobjectivescarecaddressedcincthiscmodule:c
1.1c Definecinformationcsecurity.c
1.2c
Discusscthechistorycofccomputercsecuritycandcexplainchowcitcevolvedcintocinformationcsec
urity.c
1.3c Defineckeyctermscandccriticalcconceptscofcinformationcsecurity.c
1.4c Describecthecinformationcsecuritycrolescofcprofessionalscwithincancorganization.c
c
Complete List of Module Activities and Assessments
c c c c c c c
ForcadditionalcguidancecreferctocthecMindTapcEducatorcGuide.c
c
PPTcslidec Activity/Assessmentc Durationc
ModulecObjectivec
c
2c Icebreaker:cInterviewcSimulationc 10cminutesc
1.1–1.2c 19–20c KnowledgecCheckcActivityc1c 2cminutesc
1.3c 34–35c KnowledgecCheckcActivityc2c 2cminutesc
1.4c 39–40c KnowledgecCheckcActivityc3c 2cminutesc
1.1–1.4c MindTapc Modulec01cReviewcQuestionsc 30–40cminutesc
1.1c–c1.4c MindTapc Modulec01cCasecExercisesc 30cminutesc
1.1c–c1.4c MindTapc Modulec01cExercisesc 10–
30cminutescpercquestion;c1+chourcper
1.1c–c1.4c MindTapc Modulec01cSecuritycforcLifec 1+chourc
1.1c–c1.4c MindTapc Modulec01cQuizc 10–15cminutesc
[returnctoctop]c
Key Terms c c
Incordercofcuse:c
computercsecurity:cIncthecearlycdayscofccomputers,cthisctermcspecifiedcthecprotectioncofcthecphysi
calclocationcandcassetscassociatedcwithccomputerctechnologycfromcoutsidecthreats,cbutcitclaterccam
ectocrepresentcallcactionsctakenctocprotectccomputercsystemscfromclosses.c
security:cAcstatecofcbeingcsecurecandcfreecfromcdangercorcharmcascwellcascthecactionsctakenctocma
kecsomeonecorcsomethingcsecure.c
informationcsecurity:cProtectioncofcthecconfidentiality,cintegrity,candcavailabilitycofcinformationcas
sets,cwhethercincstorage,cprocessing,corctransmission,cviacthecapplicationcofcpolicy,ceducation,ctrai
ningcandcawareness,candctechnology.c
networkcsecurity:cAcsubsetcofccommunicationscsecurity;cthecprotectioncofcvoicecandcdatacnetwor
kingccomponents,cconnections,candccontent.c
, C.I.A.ctriad:cThecindustrycstandardcforccomputercsecuritycsincecthecdevelopmentcofcthecmainframe
;cthecstandardciscbasedconcthreeccharacteristicscthatcdescribecthecattributescofcinformationcthatcarec
importantctocprotect:cconfidentiality,cintegrity,candcavailability.c
confidentiality:cAncattributecofcinformationcthatcdescribeschowcdataciscprotectedcfromcdisclosureco
rcexposurectocunauthorizedcindividualscorcsystems.c
personallycidentifiablecinformationc(PII):cInformationcaboutcacperson‘schistory,cbackground,can
dcattributescthatccancbecusedctoccommitcidentityctheftcthatctypicallycincludescacperson‘scname,caddr
ess,cSocialcSecuritycnumber,cfamilycinformation,cemploymentchistory,candcfinancialcinformation.c
integrity:cAncattributecofcinformationcthatcdescribeschowcdataciscwhole,ccomplete,candcuncorrupte
d.c
availability:cAncattributecofcinformationcthatcdescribeschowcdataciscaccessiblecandccorrectlycforma
ttedcforcusecwithoutcinterferencecorcobstruction.c
accuracy:cAncattributecofcinformationcthatcdescribeschowcdataciscfreecofcerrorscandchascthecvaluect
hatcthecusercexpects.c
authenticity:cAncattributecofcinformationcthatcdescribeschowcdataciscgenuinecorcoriginalcratherctha
ncreproducedcorcfabricated.c
utility:cAncattributecofcinformationcthatcdescribeschowcdatachascvaluecorcusefulnesscforcancendcpur
pose.c
possession:cAncattributecofcinformationcthatcdescribeschowcthecdata‘scownershipcorccontrolcisclegi
timatecorcauthorized.c
McCumbercCube:cAcgraphicalcrepresentationcofcthecarchitecturalcapproachcusedcinccomputerca
ndcinformationcsecuritycthatcisccommonlycshowncascaccubeccomposedcofc3×3×3ccells,csimilarctoca
cRubik‘scCube.c
informationcsystem:cThecentirecsetcofcsoftware,chardware,cdata,cpeople,cprocedures,candcnetwor
kscthatcenablecthecusecofcinformationcresourcescincthecorganization.c
physicalcsecurity:cThecprotectioncofcmaterialcitems,cobjects,corcareascfromcunauthorizedcaccessc
andcmisuse.c
bottom-
upcapproach:cAcmethodcofcestablishingcsecuritycpoliciescand/orcpracticescthatcbeginscascacgrassr
ootsceffortcincwhichcsystemscadministratorscattemptctocimprovecthecsecuritycofctheircsystems.c
top-
upcapproach:cAcmethodologycofcestablishingcsecuritycpoliciescand/orcpracticescthatciscinitiatedcbyc
uppercmanagement.c
chiefcinformationcofficerc(CIO):cAncexecutive-
levelcpositioncthatcoverseescthecorganization‘sccomputingctechnologycandcstrivesctoccreateceffi
ciencycincthecprocessingcandcaccesscofcthecorganization‘scinformation.c
chiefcinformationcsecuritycofficerc(CISO):cThectitlectypicallycassignedctocthectopcinformationcsec
uritycmanagercincancorganization.c
datacowners:cIndividualscwhoccontrolcandcarecthereforecultimatelycresponsiblecforcthecsecuritycan
dcusecofcacparticularcsetcofcinformation.c
