Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
Instructor Manual
Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module
1: Introduction to Information Security
Table of Contents
Purpose and Perspective of the Module ......................................................................................2
Cengage Supplements................................................................................................................2
Module Objectives ......................................................................................................................2
Complete List of Module Activities and Assessments ..................................................................2
Key Terms ..................................................................................................................................3
What's New in This Module .........................................................................................................4
Module Outline ............................................................................................................................4
Discussion Questions................................................................................................................15
Suggested Usage for Lab Activities...........................................................................................16
Additional Activities and Assignments .......................................................................................17
Additional Resources ................................................................................................................17
Cengage Video Resources ............................................................................................................................. 17
Internet Resources ........................................................................................................................................ 17
Appendix ...................................................................................................................................18
Grading Rubrics.............................................................................................................................................. 18
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 1
website, in whole or in part.
, Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
Purpose and Perspective of the Module
The first module of the course in information security provides learners the foundational
knowledge to become well versed in the protection systems of any size need within an
organization today. The module begins with fundamental knowledge of what information
security is and the how computer security evolved into what we know now as information
security today. Additionally, learners will gain knowledge on the how information security can be
viewed either as an art or a science and why that is the case.
Cengage Supplements
The following product-level supplements are available in the Instructor Resource Center and
provide additional information that may help you in preparing your course:
PowerPoint slides
Test banks, available in Word, as LMS-ready files, and on the Cognero platform
MindTap Educator Guide
Solution and Answer Guide
This instructor‘s manual
Module Objectives
The following objectives are addressed in this module:
1.1 Define information security.
1.2 Discuss the history of computer security and explain how it evolved into information
security.
1.3 Define key terms and critical concepts of information security.
1.4 Describe the information security roles of professionals within an organization.
Complete List of Module Activities and Assessments
For additional guidance refer to the MindTap Educator Guide.
Module PPT slide Activity/Assessment Duration
Objective
2 Icebreaker: Interview Simulation 10 minutes
1.1–1.2 19–20 Knowledge Check Activity 1 2 minutes
1.3 34–35 Knowledge Check Activity 2 2 minutes
1.4 39–40 Knowledge Check Activity 3 2 minutes
1.1–1.4 MindTap Module 01 Review Questions 30–40 minutes
1.1 – 1.4 MindTap Module 01 Case Exercises 30 minutes
1.1 – 1.4 MindTap Module 01 Exercises 10–30 minutes per
question; 1+ hour
per module
1.1 – 1.4 MindTap Module 01 Security for Life 1+ hour
1.1 – 1.4 MindTap Module 01 Quiz 10–15 minutes
[return to top]
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 2
website, in whole or in part.
, Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
Key Terms
In order of use:
computer security: In the early days of computers, this term specified the protection of the
physical location and assets associated with computer technology from outside threats, but it
later came to represent all actions taken to protect computer systems from losses.
security: A state of being secure and free from danger or harm as well as the actions taken to
make someone or something secure.
information security: Protection of the confidentiality, integrity, and availability of information
assets, whether in storage, processing, or transmission, via the application of policy, education,
training and awareness, and technology.
network security: A subset of communications security; the protection of voice and data
networking components, connections, and content.
C.I.A. triad: The industry standard for computer security since the development of the
mainframe; the standard is based on three characteristics that describe the attributes of
information that are important to protect: confidentiality, integrity, and availability.
confidentiality: An attribute of information that describes how data is protected from disclosure
or exposure to unauthorized individuals or systems.
personally identifiable information (PII): Information about a person‘s history, background,
and attributes that can be used to commit identity theft that typically includes a person‘s name,
address, Social Security number, family information, employment history, and financial
information.
integrity: An attribute of information that describes how data is whole, complete, and
uncorrupted.
availability: An attribute of information that describes how data is accessible and correctly
formatted for use without interference or obstruction.
accuracy: An attribute of information that describes how data is free of errors and has the value
that the user expects.
authenticity: An attribute of information that describes how data is genuine or original rather
than reproduced or fabricated.
utility: An attribute of information that describes how data has value or usefulness for an end
purpose.
possession: An attribute of information that describes how the data‘s ownership or control is
legitimate or authorized.
McCumber Cube: A graphical representation of the architectural approach used in computer
and information security that is commonly shown as a cube composed of 3×3×3 cells, similar to
a Rubik‘s Cube.
information system: The entire set of software, hardware, data, people, procedures, and
networks that enable the use of information resources in the organization.
physical security: The protection of material items, objects, or areas from unauthorized access
and misuse.
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 3
website, in whole or in part.
, Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
bottom-up approach: A method of establishing security policies and/or practices that begins as
a grassroots effort in which systems administrators attempt to improve the security of their
systems.
top-up approach: A methodology of establishing security policies and/or practices that is
initiated by upper management.
chief information officer (CIO): An executive-level position that oversees the organization‘s
computing technology and strives to create efficiency in the processing and access of the
organization‘s information.
chief information security officer (CISO): The title typically assigned to the top information
security manager in an organization.
data owners: Individuals who control and are therefore ultimately responsible for the security
and use of a particular set of information.
data custodians: Individuals who are responsible for the storage, maintenance, and protection
of information.
data stewards: See data custodians.
data trustees: Individuals who are assigned the task of managing a particular set of information
and coordinating its protection, storage, and use.
data users: Internal and external stakeholders (customers, suppliers, and employees) who
interact with information in support of their organization‘s planning and operations.
community of interest: A group of individuals who are united by similar interests or values
within an organization and who share a common goal of helping the organization to meet its
objectives.
[return to top]
What's New in This Module
The following elements are improvements in this module from the previous edition:
This Module was Chapter 1 in the 6th edition.
The content that covered Systems Development was moved to Module 11:
Implementation.
The Module was given a general update and given more current examples.
[return to top]
Module Outline
Introduction to Information Security (1.1, 1.2, PPT Slides 4–17)
I. Recognize that organizations, regardless of their size or purpose, have information they
must protect and store internally and externally.
II. Analyze the importance and reasoning an organization must be responsible for the
information they collect, store, and use.
III. Review the concept of computer security and when the need for it initially arose.
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 4
website, in whole or in part.
Information Security
Instructor Manual
Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module
1: Introduction to Information Security
Table of Contents
Purpose and Perspective of the Module ......................................................................................2
Cengage Supplements................................................................................................................2
Module Objectives ......................................................................................................................2
Complete List of Module Activities and Assessments ..................................................................2
Key Terms ..................................................................................................................................3
What's New in This Module .........................................................................................................4
Module Outline ............................................................................................................................4
Discussion Questions................................................................................................................15
Suggested Usage for Lab Activities...........................................................................................16
Additional Activities and Assignments .......................................................................................17
Additional Resources ................................................................................................................17
Cengage Video Resources ............................................................................................................................. 17
Internet Resources ........................................................................................................................................ 17
Appendix ...................................................................................................................................18
Grading Rubrics.............................................................................................................................................. 18
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 1
website, in whole or in part.
, Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
Purpose and Perspective of the Module
The first module of the course in information security provides learners the foundational
knowledge to become well versed in the protection systems of any size need within an
organization today. The module begins with fundamental knowledge of what information
security is and the how computer security evolved into what we know now as information
security today. Additionally, learners will gain knowledge on the how information security can be
viewed either as an art or a science and why that is the case.
Cengage Supplements
The following product-level supplements are available in the Instructor Resource Center and
provide additional information that may help you in preparing your course:
PowerPoint slides
Test banks, available in Word, as LMS-ready files, and on the Cognero platform
MindTap Educator Guide
Solution and Answer Guide
This instructor‘s manual
Module Objectives
The following objectives are addressed in this module:
1.1 Define information security.
1.2 Discuss the history of computer security and explain how it evolved into information
security.
1.3 Define key terms and critical concepts of information security.
1.4 Describe the information security roles of professionals within an organization.
Complete List of Module Activities and Assessments
For additional guidance refer to the MindTap Educator Guide.
Module PPT slide Activity/Assessment Duration
Objective
2 Icebreaker: Interview Simulation 10 minutes
1.1–1.2 19–20 Knowledge Check Activity 1 2 minutes
1.3 34–35 Knowledge Check Activity 2 2 minutes
1.4 39–40 Knowledge Check Activity 3 2 minutes
1.1–1.4 MindTap Module 01 Review Questions 30–40 minutes
1.1 – 1.4 MindTap Module 01 Case Exercises 30 minutes
1.1 – 1.4 MindTap Module 01 Exercises 10–30 minutes per
question; 1+ hour
per module
1.1 – 1.4 MindTap Module 01 Security for Life 1+ hour
1.1 – 1.4 MindTap Module 01 Quiz 10–15 minutes
[return to top]
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 2
website, in whole or in part.
, Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
Key Terms
In order of use:
computer security: In the early days of computers, this term specified the protection of the
physical location and assets associated with computer technology from outside threats, but it
later came to represent all actions taken to protect computer systems from losses.
security: A state of being secure and free from danger or harm as well as the actions taken to
make someone or something secure.
information security: Protection of the confidentiality, integrity, and availability of information
assets, whether in storage, processing, or transmission, via the application of policy, education,
training and awareness, and technology.
network security: A subset of communications security; the protection of voice and data
networking components, connections, and content.
C.I.A. triad: The industry standard for computer security since the development of the
mainframe; the standard is based on three characteristics that describe the attributes of
information that are important to protect: confidentiality, integrity, and availability.
confidentiality: An attribute of information that describes how data is protected from disclosure
or exposure to unauthorized individuals or systems.
personally identifiable information (PII): Information about a person‘s history, background,
and attributes that can be used to commit identity theft that typically includes a person‘s name,
address, Social Security number, family information, employment history, and financial
information.
integrity: An attribute of information that describes how data is whole, complete, and
uncorrupted.
availability: An attribute of information that describes how data is accessible and correctly
formatted for use without interference or obstruction.
accuracy: An attribute of information that describes how data is free of errors and has the value
that the user expects.
authenticity: An attribute of information that describes how data is genuine or original rather
than reproduced or fabricated.
utility: An attribute of information that describes how data has value or usefulness for an end
purpose.
possession: An attribute of information that describes how the data‘s ownership or control is
legitimate or authorized.
McCumber Cube: A graphical representation of the architectural approach used in computer
and information security that is commonly shown as a cube composed of 3×3×3 cells, similar to
a Rubik‘s Cube.
information system: The entire set of software, hardware, data, people, procedures, and
networks that enable the use of information resources in the organization.
physical security: The protection of material items, objects, or areas from unauthorized access
and misuse.
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 3
website, in whole or in part.
, Instructor Manual: Whitman and Mattord, Principles of Information Security 7e, ISBN 978-0-357-50643-1; Module 1: Introduction to
Information Security
bottom-up approach: A method of establishing security policies and/or practices that begins as
a grassroots effort in which systems administrators attempt to improve the security of their
systems.
top-up approach: A methodology of establishing security policies and/or practices that is
initiated by upper management.
chief information officer (CIO): An executive-level position that oversees the organization‘s
computing technology and strives to create efficiency in the processing and access of the
organization‘s information.
chief information security officer (CISO): The title typically assigned to the top information
security manager in an organization.
data owners: Individuals who control and are therefore ultimately responsible for the security
and use of a particular set of information.
data custodians: Individuals who are responsible for the storage, maintenance, and protection
of information.
data stewards: See data custodians.
data trustees: Individuals who are assigned the task of managing a particular set of information
and coordinating its protection, storage, and use.
data users: Internal and external stakeholders (customers, suppliers, and employees) who
interact with information in support of their organization‘s planning and operations.
community of interest: A group of individuals who are united by similar interests or values
within an organization and who share a common goal of helping the organization to meet its
objectives.
[return to top]
What's New in This Module
The following elements are improvements in this module from the previous edition:
This Module was Chapter 1 in the 6th edition.
The content that covered Systems Development was moved to Module 11:
Implementation.
The Module was given a general update and given more current examples.
[return to top]
Module Outline
Introduction to Information Security (1.1, 1.2, PPT Slides 4–17)
I. Recognize that organizations, regardless of their size or purpose, have information they
must protect and store internally and externally.
II. Analyze the importance and reasoning an organization must be responsible for the
information they collect, store, and use.
III. Review the concept of computer security and when the need for it initially arose.
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible 4
website, in whole or in part.
