
I. Overview
This course examines fundamentals of network security involved in creating and
managing secure computer network environments. Both hardware and software topics are
considered, including authentication methods, remote access, network security architectures
and devices, cryptography, forensics and disaster recovery plans.

II. Lesson 1: Information Assurance VS Information Security


A. Introduction

In the modern world, digital information is an important asset that is under constant
threat of theft, exploitation, and unexpected loss. Professionals who specialize in either
information assurance or information security are experienced in delivering services that can
protect against digital threats. Although both specialties guard computer systems and digital
networks, the techniques taught and practiced in each discipline are often different. This lesson
will present the similarities and differences in information assurance vs. information security
that will help you understand and provide you with perspective as you pursue your career in
information technology.

B. Learning Contents

Good day to you! Hoping that this learning module finds you in good health. And as we
welcome ourselves with this “new normal” as well as to commemorate our first step in moving
forward; take a selfie holding a sign “Let’s do this!” (some call this a fan sign) and send to our
Google classroom. A successful upload of this selfie is worth 5 points. Easy huh?
This module is about information assurance and security; so what is information? How
does information differ from data? According to Blyth and Kovacich, information is data
endowed with relevance and purpose. Converting data into information thus requires
knowledge. Knowledge by definition is specialized. And for information to be useful, it should
possess the following characteristics: accurate, timely, complete, verifiable, consistent, and
available.
Now that we have defined what information is, we will next discuss what information
assurance and information security are.

What Is Information Assurance?


Before we answer that, let’s define assurance. Assurance is confidence or certainty in
one’s own ability. What does that mean? Assurance from what or to do what? Is it
context-dependent?
According to the U.S. Department of Defense, Information Assurance (IA) involves:
Actions taken that protect and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality and non-repudiation. This includes
providing for restoration of information systems by incorporating protection, detection and
reaction capabilities.
Information assurance is a field that safeguards the integrity of data used by individuals
or organizations. To this end, occupations related to information assurance often involve
managing the risks associated with using, processing, storing, and transferring data. This is a
complex task, because information assurance applies to data in both digital and physical forms,
with the physical form considered any electronic device used to store data. Further, IA can be
defined as the study of how to protect your information assets from destruction, degradation,
manipulation and exploitation, and also how to recover should any of those happen.

What Is Information Security?


Information security is the practice of preventing illicit access to private information.
From a practical standpoint, information security focuses heavily on the development and
implementation of tools and techniques for keeping data safe. This ranges from creating
network security infrastructures to designing defensive software applications that ward off
threats. The National Institute of Standards and Technology defines information security as any
efforts to protect information and information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction.
Information security strategies target three key metrics: the integrity, confidentiality,
and availability of information systems. Protecting the integrity of information entails guarding
against unauthorized alteration or destruction of data. Preserving confidentiality of information
involves restricting access to private personal or proprietary information. Finally, maintaining
the availability of information systems requires ensuring that information can be reliably
accessed by authorized personnel. Each of these processes is covered in-depth through
information security classes, allowing professionals to develop the ability to craft
comprehensive cyber security strategies.

How They Are Similar


In many regards, information assurance can be described as an offshoot of information
security, as both fields involve safeguarding digitally stored information. At a deeper level,
professionals in both fields use physical, technical, and administrative means to achieve their
objectives.
For instance, information assurance and information security professionals both seek
the most secure physical data infrastructure possible to protect an organization’s information.
They both leverage advanced technical safeguards, such as cutting-edge firewalls. An
assessment of information assurance vs. information security also reveals a similarity in the
threats they face.
Both fields are concerned with privacy issues and fraud, malicious hackers, and the strategic
defense and recovery of information systems before and after catastrophic events.

Core Function Differences


Information assurance is a broader discipline that combines information security with
the business aspects of information management. Information assurance work typically involves
implementing organization-wide standards that aim to minimize the risk of a company being
harmed by cyber threats. To achieve this, an information assurance team may do something like
overhauling login authentication systems or performing routine backups of important company
data. Thus, information assurance professionals are more concerned with addressing the
overall risk to an organization’s information, rather than dealing with individual, exterior
threats.
Information security is a more hands-on discipline. It prioritizes developing tools,
technologies, and other countermeasures that can be used to protect information, especially
from exterior threats. The subtle difference between the two fields means earning a degree
featuring both disciplines can offer students a well-rounded skill set, which can potentially help
graduates qualify for senior positions in the information security and assurance industries.
Information assurance and security did not come overnight. As technology evolves,
so do threats and vulnerabilities. The next topic is how information security evolved.

Evolution of Information Security


The first computer networks consisted of the military ARPANET and university
computers connected to each other through it. Over time, this framework would evolve into the
Internet and open a vast range of opportunities for individuals and institutions to interact
online. The development of these early networks saw the emergence of threats to them and
the need to protect valuable data.
In 1975, two enterprising researchers working for Xerox invented one of the very first
malicious programs. Called a “worm”, it searched for idle computer processors as a method for
testing and improvement. The creators of a simple diagnostic tool unwittingly created the first
malware and coined the term commonly used for a wide range of malicious software
applications.
During the 1980's and 90's, hackers began to emerge as a serious threat to network
security. Computer attacks aimed at government, military, and commercial networks became
more serious. The increased danger prompted The Computer Fraud and Abuse Act of 1986 and
the first Computer Emergency Response Team (CERT) to address the issue and educate
computer users about security issues.
With the 1990's came the Internet explosion and a whole new level of threats to
networks and your own personal information. In response to the risks, network security experts
developed better encryption methods, Internet protocols, and secure socket layer technologies
to protect against malware, hacking and identity theft.
In the 2000’s, new technology such as signature-based communication made personal
information better protected. New concerns regarding hacking and the growth of the world
wide web placed a strong emphasis on protection from security breaches. Funding consistently
increased when it came to information security needs. The Software Development Life Cycle
created security guidelines and standards designed to reduce vulnerabilities across companies.
From seeing the harm that security breaches can do to a firm, many executives began to fund
advanced information security so that the brand itself did not get damaged and so that the firm
did not become the next big name on the news for experiencing a data breach.
The now and the future… With the new cloud-based concept, companies are having to
find new ways to oversee and protect their valuable information. Nowadays, information
security is a key driver in corporate strategy across a firm. Security doesn’t stop at computers
any longer. Now, cell phones, tablets and at-home computers must be analyzed and protected
from any potential security threats as well. Case in point, information security is an
ever-evolving topic that should be a high priority within any business or organization.
And speaking of organization, let’s discuss the roles of professionals in an organization in
ensuring the information assurance and security. One of these roles could be yours in the
future; so do keep an open mind.

Roles of the Cyber Security Professional


At a mile-high level, cybersecurity professionals are responsible for protecting IT
infrastructure, edge devices, networks, and data. More granularly, they are responsible for
preventing data breaches and monitoring and reacting to attacks. Many have backgrounds as
programmers, and systems or network administrators, and in math and statistics. Those skills
are undoubtedly relevant to the role of an IT security professional, but equally critical are the
qualities that can’t necessarily be taught – critical thinking, curiosity, and a
passion for learning and research. People from all kinds of backgrounds possess those qualities,
so companies shouldn’t limit themselves to a narrow pool of candidates. Further, hackers are
creative by nature. To outsmart them, security pros need to be, as well.

Responsibilities of the Cyber Security Professional

New security threats pop up all the time, and IT security professionals need to stay up to
date with the latest tactics hackers are employing in the field. In addition to the high-level
responsibilities mentioned above, some specific duties of IT security teams include:
• Set and implement user access controls and identity and access management systems
• Monitor network and application performance to identify irregular activity
• Perform regular audits to ensure security practices are compliant
• Deploy endpoint detection and prevention tools to thwart malicious hacks
• Set up patch management systems to update applications automatically
• Implement comprehensive vulnerability management systems across all assets on-premises and in the cloud
• Work with IT operations to set up a shared disaster recovery/business continuity plan
• Work with HR and/or team leads to educate employees on how to identify suspicious activity

Have you decided to be a security professional? Can you handle the responsibilities? I
know you could! Now that this lesson is at its end, we need to have an assessment.

C. Assessment

1. Ana Maria is trying to withdraw at an ATM. What is the role of information assurance in
this transaction? How does information assurance help Ana to feel confident that her
transaction is safe?
2. Jose Marie is trying to log in to his Facebook account. What is the role of information
security in this process? How does information security help Jose Marie to feel safe in this
operation?
3. Describe the similarities and differences between information assurance and
information security.
4. Pick at least three responsibilities of a cyber-security professional; if you were to become
one, what traits would you want to possess in order to perform your role effectively and
efficiently?
5. Fill in the timeline below of the significant issues and developments in Information
Security.

1970s | 1980s | 1990s | 2000s | 2020s
Worm  |       |       |       |

D. Enrichment Activities

A word cloud, according to Google, is “an image composed of words used in a particular text or
subject, in which the size of each word indicates its frequency or importance.” Below is an
example of a word cloud. Now, using subjects or topics in Information Assurance and
Security, make a word cloud.
