NOTE TO THE READERS
This material is designed to develop, upon successful completion of the course, a
fundamental understanding of the information security profession, advanced security
threats, cloud computing, cryptography, enterprise risk management and governance.
It serves as lecture notes compiled from different resources such as books and online
references.
As a vital component of the curriculum, this material is exclusive to the third-year
students who are enrolled in PCIT12 – Information Assurance and Security 2 at Central
Philippines State University, taking up Bachelor of Science in Information Technology.
This knowledge is intended to be at the introductory level of the curriculum, and the
goal is to be able to apply knowledge through the use of current techniques, skills, tools
and practices necessary for the IT profession.
FRANCIS IAN R. ADAD
INSTRUCTOR
Acknowledgement
In the completion of this module, various people lent a helping hand to make
this learning material possible. These people helped the author to fulfil the objective of
this module. Hence, the author is delighted to note their invaluable contribution.
Firstly, the author would like to extend her utmost gratitude to the Almighty Father
for blessing the author with so much more than she deserves; without Him none of this
was possible.
Secondly, the author would like to express her sincere gratitude to her family,
friends and loved ones who have been her supporters since day one. Thank you for your
undying prayers and support for her success in everything that she does.
Lastly, I would like to acknowledge the patience and eagerness of all the students
in learning despite all the struggles they had been through. Never stop learning because
life never stops teaching. May our Almighty Father keep us safe and healthy. May God
bless us all.
TABLE OF CONTENTS
CHAPTER 1 Overview of the Security Environment
Lesson 1 The State of Information Assurance today
Lesson 2 Advanced Persistent Threats
CHAPTER 2 Transitioning to the Future - Cloud and Mobile Computing
Lesson 1 Cloud Computing
CHAPTER 3 Information Assurance Risk Management
Lesson 1 Risk Analysis
CHAPTER 1 INFORMATION ASSURANCE
LEARNING OUTCOMES:
1. Assess the current security environment, including the risks and
opportunities that attend new processes and technologies.
2. Summarize the nature and role of information assurance in both
providing and protecting information.
INTRODUCTION
Once you understand the importance of information assurance, you need to
embrace some fundamental expectations prior to and during the
implementation of security, independent of the size or nature of the business.
A common model and understanding of information assurance is necessary
if an organization is to speak a common risk language and understand
common objectives. The information assurance model used throughout this
work is the Maconachy-Schou-Ragsdale (MSR) model.
The MSR Model of Information Assurance
In 2001, the Maconachy-Schou-Ragsdale model described three states of
information (storage, transmission, and processing); three essential
countermeasures (technology, policy, and people); and five basic services
(availability, integrity, authentication, confidentiality, and nonrepudiation).
The internationally recognized Association for Computing Machinery (ACM)
adopted this as an extension of the basic confidentiality, integrity, and
availability (CIA) model and an extension of John McCumber’s work in the
early 1990s.
We have identified fundamental expectations and common beliefs acquired
through business practices over the years, and we refer to them here as
information assurance principles. The seven principles specify that
information assurance should do the following: