IAS - 102 Topics

The document outlines a comprehensive curriculum on Information Assurance and Security, covering key topics such as the CIA Triad, threats and vulnerabilities, risk management, security policies, cryptography, network security, and incident response. It emphasizes the importance of information security in modern organizations, detailing the differences between information security and cybersecurity, as well as the necessity for strong security measures to protect sensitive data and maintain business continuity. Additionally, it includes practical examples and case studies to illustrate the real-world implications of data breaches and the significance of effective security strategies.

Uploaded by Kuya Melvz

Information Assurance and Security – Topics Outline

I. Introduction to Information Assurance and Security
• Definition and Scope of Information Assurance
• Difference between Information Security and Cybersecurity
• The CIA Triad: Confidentiality, Integrity, Availability
• Importance of Information Security in Modern Organizations

II. Threats and Vulnerabilities
• Types of Threats: Natural, Accidental, Intentional
• Malware: Viruses, Worms, Trojans, Ransomware
• Social Engineering Attacks (e.g., Phishing, Pretexting, Baiting)
• Vulnerability Types: Software, Hardware, Network

III. Risk Management
• Risk Identification and Analysis
• Risk Assessment Methodologies
• Risk Mitigation and Treatment
• Business Impact Analysis (BIA)

IV. Security Policies and Procedures
• Purpose of Security Policies
• Acceptable Use Policy
• Password Policy
• Incident Response Policy
• Data Classification and Handling

V. Cryptography
• Basic Principles of Cryptography
• Symmetric vs. Asymmetric Encryption
• Common Algorithms (AES, RSA, SHA)
• Digital Signatures and Certificates
• Public Key Infrastructure (PKI)

VI. Network Security
• Network Security Concepts
• Firewalls and Intrusion Detection Systems (IDS)
• Virtual Private Network (VPN)
• Wireless Security (WPA, WPA2, WPA3)
• Network Access Control

VII. System and Application Security
• Operating System Security (Windows/Linux/Unix)
• Secure Coding Practices
• Software Vulnerabilities (Buffer Overflow, SQL Injection)
• Patch Management

VIII. Identity and Access Management (IAM)
• Authentication vs. Authorization
• Single Sign-On (SSO)
• Multi-Factor Authentication (MFA)
• Role-Based Access Control (RBAC)

IX. Incident Response and Recovery
• Phases of Incident Response
• Digital Forensics Basics
• Disaster Recovery Planning (DRP)
• Business Continuity Planning (BCP)

X. Legal, Ethical, and Regulatory Issues
• Data Privacy Laws (e.g., GDPR, Data Privacy Act of the Philippines)
• Intellectual Property Rights
• Cybercrime Laws and Regulations
• Ethical Hacking and Responsible Disclosure

XI. Security Awareness and Training
• Building a Security Culture
• Employee Security Training
• Simulated Phishing Exercises
• Insider Threat Awareness

XII. Emerging Trends and Technologies
• Cloud Security
• Internet of Things (IoT) Security
• Artificial Intelligence in Security
• Zero Trust Architecture
• Blockchain for Security

🟦 II. Definition and Scope of Information Assurance (10 minutes)

Definition:
Information Assurance (IA) is the practice of managing risks related to the use, processing, storage, and
transmission of data. It ensures that information systems remain trustworthy, secure, and reliable.

Information Assurance Covers:
• Data in storage (e.g., files on a server)
• Data in transit (e.g., emails or online forms)
• Data in use (e.g., accessed in real-time apps)

Scope Includes:
• Risk Management – Identifying threats and minimizing them.
• Policies & Procedures – Documented rules to guide users and administrators.
• Security Awareness Training – Teaching users how to protect data.
• Incident Response – Reacting to and recovering from breaches or attacks.
• System Monitoring & Auditing – Keeping an eye on activities within systems.
• Disaster Recovery – Plans for resuming operations after data loss or damage.

🧠 Example:
A university uses IA to ensure grades, ID information, and tuition records are protected from
unauthorized access, alteration, or deletion.

🟦 III. Difference between Information Security and Cybersecurity (10 minutes)

📌 Information Security (InfoSec):
• Focuses on protecting all types of information, digital or physical.
• Examples: Locking physical files, shredding documents, encrypting flash drives.

📌 Cybersecurity:
• A subset of InfoSec, focusing specifically on protecting digital systems.
• Examples: Firewalls, antivirus software, phishing protection.

Topic          | Information Security                  | Cybersecurity
Scope          | Broader (physical + digital)          | Narrower (digital systems only)
Includes       | Printed docs, oral info, digital data | Networks, software, apps
Common Threats | Theft, social engineering             | Malware, hacking, phishing

🔍 Example:
• If someone steals printed client records, that's an InfoSec concern.
• If someone hacks your email and steals your data, that's Cybersecurity.

🟦 IV. The CIA Triad: Confidentiality, Integrity, Availability (15 minutes)

The CIA Triad is the core framework of Information Assurance and Security.

1️⃣ Confidentiality

Protects data from unauthorized access.

Techniques: Passwords, Access control lists (ACL), Encryption.

Example:
Only HR can view employee salaries.

2️⃣ Integrity

Ensures data is accurate and unchanged.

Techniques: Checksums, Digital Signatures, Data validation.

Example:
During an online vote, if someone changes the vote count, integrity is lost.
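
An added example, not part of the original notes, applying the integrity techniques listed above to the grade-record scenario from the earlier university example. It shows that a plain checksum can be recomputed by whoever edits the record, while a keyed tag (HMAC-SHA256, used here as a simpler keyed relative of digital signatures) cannot be refreshed without the key. The records, key, and function names are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample data, modelled on the university grades example.
RECORDS = [
    {"student_id": "S-0001", "course": "IAS-102", "grade": "1.75"},
    {"student_id": "S-0002", "course": "IAS-102", "grade": "3.00"},
]
# Assumption: this key is held only by the registrar, never stored beside the data.
REGISTRAR_KEY = b"demo-key-for-illustration-only"

def canonical(record):
    """Stable byte encoding so the same record always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def checksum(record):
    """Unkeyed SHA-256: anyone who can edit the record can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()

def tag(record, key):
    """Keyed HMAC-SHA256: cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def seal(records, key):
    """Store each record with both a plain checksum and a keyed tag."""
    return [{"record": r, "sha256": checksum(r), "hmac": tag(r, key)} for r in records]

def tamper(store):
    """Simulate an unauthorized edit by someone with write access but no key."""
    altered = copy.deepcopy(store)
    altered[1]["record"]["grade"] = "1.00"
    altered[1]["sha256"] = checksum(altered[1]["record"])  # checksum refreshed too
    return altered

def verify(store, key):
    """Return (checksums_ok, hmacs_ok) for the whole store."""
    sums_ok = all(hmac.compare_digest(e["sha256"], checksum(e["record"])) for e in store)
    macs_ok = all(hmac.compare_digest(e["hmac"], tag(e["record"], key)) for e in store)
    return sums_ok, macs_ok

if __name__ == "__main__":
    store = seal(RECORDS, REGISTRAR_KEY)
    print("original:", verify(store, REGISTRAR_KEY))
    print("tampered:", verify(tamper(store), REGISTRAR_KEY))
```

The tampered store still passes the checksum test but fails the HMAC test, which is why an unkeyed checksum only protects against accidental changes.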

3️⃣ Availability

Ensures information is accessible when needed.

Techniques: Backups, UPS, Load Balancers.

Example:
A hospital system must be available 24/7 to access patient data.

🧠 Mini-Activity:
Match the scenario to the CIA Triad:
• Your password was leaked. (Confidentiality)
• You can't access your school portal during enrollment. (Availability)
• Your grades were changed without permission. (Integrity)

🟦 V. Importance of Information Security in Modern Organizations (15 minutes)

Organizations today are data-driven. Without strong information security, they are vulnerable to attacks,
downtime, and reputation damage.

✅ Key Benefits of Information Security:

1. Protects Sensitive Data – like personal information, passwords, or health records.

2. Prevents Financial Loss – Cyberattacks can cost millions.

3. Ensures Compliance – Companies must follow laws like the Data Privacy Act.

4. Preserves Trust and Reputation – Customers lose faith after data breaches.

5. Maintains Business Continuity – Keeps services running even during disasters.

🧾 Real-World Case Study:

Jollibee Cyberattack (2023):

Jollibee’s delivery systems went down due to a ransomware attack, affecting customers nationwide. They
had to temporarily shut down services and rebuild systems.

This is why LGUs, schools, hospitals, and even small businesses must invest in Information Assurance.

🟦 VI. Wrap-Up & Q&A (5 minutes)

Let’s review:
• Information Assurance is about protecting and managing data risks.
• InfoSec includes both digital and physical protection, while Cybersecurity focuses only on the digital realm.
• The CIA Triad helps guide every security strategy: Confidentiality, Integrity, Availability.
• Modern organizations need strong security to thrive in the digital world.

🧠 Quick Recap Quiz:

1. What does the “C” in CIA stand for?

2. Which is broader: InfoSec or Cybersecurity?

3. Give one real-world example of a breach of “Availability.”

📌 Assignment:

Write a one-page paper answering:
• Find one example of a real-world data breach.
• What went wrong?
• Which part of the CIA triad was affected?
• What could have prevented it?
