
IT Electives 2 Information Assurance and Security Lesson 1


ILOCOS SUR POLYTECHNIC STATE COLLEGE

Santa Maria Campus

MODULE
I. COURSE TITLE
IT Electives 2 Information Assurance and Security

II. COURSE OVERVIEW


This course focuses on Information Security, integrity, and Privacy techniques. Topics
include the nature and challenges of computer security, the relationship between policy
and security, the role and application of cryptography, the mechanisms used to implement
policies, the methodologies and technologies for assurance and vulnerability analysis, and
intrusion detection.

COURSE LEARNING OUTCOME

At the end of the course, you should be able to acquire the following
competencies:

• Impact of Systems Security and Information Assurance (IA) for Organization.


• Understand the broad role of Information Assurance in the Business Process.
• Understand the technical foundations for Information Assurance.
• Study the implications for IA in Inter-Organizational Business Process and Enterprise
Information Systems.
• Understand the issues in managing the security of Information Systems.
• Understand how to assess and mitigate the risks and vulnerabilities.

COURSE CONTENT

LESSON 1:
Introduction to IAS

LESSON 2:
Risk Assessment and Management

LESSON 3:
The ISO27001 IAS Requirements

LESSON 4:
ISO 27001 Controls and Control Objectives

Course Code: IT Electives 2


Descriptive Title: Information Assurance and Security
Instructor: Vladimir P. Tabuyo
Unit Number: 3 Units
LESSON 5:
Implementing Information Security

LESSON 6:
Information Security Policies

COURSE STUDY GUIDE

This module was prepared for you, to work and learn on your own. However, you can
also work and learn in a group setting (peer learning). There is a virtual class created for this
course and the lessons will also be posted there together with the requirements, important
updates, and announcements.

To get the best out of this module, you are reminded to follow these simple
yet effective guidelines:
1. Manage your time well. A course study schedule is prepared for you to help you study
the modules in this course. The productive use of your time and energy will help you
a lot in finishing the scheduled activities.
2. Focus your attention. The key element for better understanding is having the focus
on the things to be done.
3. Give your best. Always remember that success will be attained in everything you do
by giving extra effort in the things you are doing. Giving your best also means
observing Honesty in doing the assigned tasks you are asked to do in this module.
Never let someone do the task for you or copy the work of your classmates.
4. Submit on time. Work diligently. Do not procrastinate. Remember time is gold. Work
immediately on the task at hand for you to follow the scheduled time for submission.
5. Be patient, Motivate yourself. Patience equates to success. Always think of the bright
future ahead. And to get there, start moving now.
6. Answer confidently. Study hard, surf the internet, read and read and read more. The
more you know, the more confident you become.
7. Work independently. You can do it! Your future lies in your own hands and your own
decisions. So, practice working independently, trust yourself, be independent.
8. Contact me. If you have any questions, don’t hesitate to ask me through my:

e-Mail: [email protected]
Phone: +63-956-810-4011

COURSE STUDY SCHEDULE


The lessons are spread over the whole semester and presented weekly. Some
lessons require one week, while others may take longer to work on. Always be reminded
of the scheduled quizzes and submission of outputs and other requirements. If you
encounter problems, feel free to contact me.
| WEEK | TOPIC | LEARNING ACTIVITIES | SPECIAL INSTRUCTIONS |
|---|---|---|---|
| 1,2 | Lesson 1 - Introduction to Information Assurance and Security | Read Information/Lesson | Research more information or details regarding the topics. Take note of the important points |
| | | Answer/Perform the Intended Learning Activity | Work on the intended learning activity/worksheet and submit it to your instructor |
| | | Answer Research/Perform the Assignment | Do research/work on the assignment then submit your output on the specified date. Written assignments will be submitted |
| | | Answer Assessment or Self Check Activity | Answer the assessment. You must get at least 85% before proceeding to the next activity; if not, re-read the activity and have a re-take |
| 3,4,5 | Lesson 2 - Risk Assessment and Management | Read Information/Lesson | Research more information or details regarding the topics. Take note of the important points |
| | | Answer/Perform the Intended Learning Activity | Work on the intended learning activity/worksheet and submit it to your instructor |
| | | Answer Research/Perform the Assignment | Do research/work on the assignment then submit your output on the specified date. Written assignments will be submitted |
| | | Answer Assessment or Self Check Activity | Answer the assessment. You must get at least 85% before proceeding to the next activity; if not, re-read the activity and have a re-take |
| 6,7 | Lesson 3 - Information Security Management System ISO 27001 | Read Information/Lesson | Research more information or details regarding the topics. Take note of the important points |
| | | Answer/Perform the Intended Learning Activity | Work on the intended learning activity/worksheet and submit it to your instructor |
| | | Answer Research/Perform the Assignment | Do research/work on the assignment then submit your output on the specified date. Written assignments will be submitted |
| | | Answer Assessment or Self Check Activity | Answer the assessment. You must get at least 85% before proceeding to the next activity; if not, re-read the activity and have a re-take |
| 8,9,10,11 | Lesson 4 - ISO 27001 Controls and Control Objectives | Read Information/Lesson | Research more information or details regarding the topics. Take note of the important points |
| | | Answer/Perform the Intended Learning Activity | Work on the intended learning activity/worksheet and submit it to your instructor |
| | | Answer Research/Perform the Assignment | Do research/work on the assignment then submit your output on the specified date. Written assignments will be submitted |
| | | Answer Assessment or Self Check Activity | Answer the assessment. You must get at least 85% before proceeding to the next activity; if not, re-read the activity and have a re-take |
| 12,13,14 | Lesson 5 - Implementing Information Security | Read Information/Lesson | Research more information or details regarding the topics. Take note of the important points |
| | | Answer/Perform the Intended Learning Activity | Work on the intended learning activity/worksheet and submit it to your instructor |
| | | Answer Research/Perform the Assignment | Do research/work on the assignment then submit your output on the specified date. Written assignments will be submitted |
| | | Answer Assessment or Self Check Activity | Answer the assessment. You must get at least 85% before proceeding to the next activity; if not, re-read the activity and have a re-take |
| 15,16,17,18 | Lesson 6 - Information Security Policies | Read Information/Lesson | Research more information or details regarding the topics. Take note of the important points |
| | | Answer/Perform the Intended Learning Activity | Work on the intended learning activity/worksheet and submit it to your instructor |
| | | Answer Research/Perform the Assignment | Do research/work on the assignment then submit your output on the specified date. Written assignments will be submitted |
| | | Answer Assessment or Self Check Activity | Answer the assessment. You must get at least 85% before proceeding to the next activity; if not, re-read the activity and have a re-take |

COURSE EVALUATION

Your grade for the course will be based on your performance and submission of
required outputs. Your performance refers to participation in the virtual class, prompt
submission of outputs, quality of your outputs, quiz results, and term exam results. Your
outputs may include but are not limited to assignments, worksheets, research work, and
projects.

The grade for the subject will be determined using the following approved grading system.
To pass the course, you must get a grade equivalent of 75% or higher. You will get a mark of
IP (In Progress) if you fail to finish all the requirements.

TERM GRADE:
• Class Standing 60% (Quizzes, Assignments, Worksheets, Participation, Post-test)
• Term Exam 40%

FINAL GRADE:
• Midterms 50%
• Finals 50%

HOW TO USE THE MODULE
Kindly refer to the flow chart below.

[Flow chart boxes: Obtain the module at the pick up kiosk or online; Study and work on the lesson; Answer the post-test or assessment; pass; Proceed to the next lesson; Study the lesson again]
SYMBOLS


Introduction to Information Security Management System

What is INFORMATION?
• Stored on computers
• Transmitted across networks
• Printed out or written on paper
• Sent by fax, email, or chat
• Stored on tapes, disks, flash drive, or cloud
• Spoken in conversations (face to face or virtual)
• Shown on films or presentations
• Et cetera
Information is knowledge obtained from investigation, study, or instruction: intelligence, news,
facts, or data. It may be stored on computers, transmitted across networks, printed out or written
on paper, sent by fax, email, or chat, stored on storage devices or in the cloud, spoken in
conversations (face to face or virtual), shown on films or presentations, etc.

Information Technology Infrastructure


Key Components of IT infrastructure


• Hardware – comprises routers, switches, data centers, servers, hubs, computers, and
more.
• Network – covers firewalls and security, internet connectivity, and network
enablement.
• Operating system (OS) platforms – typically dominated by Windows and Linux
systems. The software manages system activities and resources.
• Software – incorporates various types of productivity applications. Customer
relationship management (CRM) and enterprise resource planning (ERP) programs
are good examples.

Uses of IT Infrastructure
• Data Collection
• Data Analysis, Reduction, and Reporting
• Statistical Analysis
• Process control
• Automated Test and Inspection
• System Design
• Document Management
• Internet Access
• E-mails/ Chats/ IM
• Video Conferencing
• Virtual Teaming
• E-Learning
• E-Commerce
• Website Design

IT professionals use IT infrastructure to improve the availability, utilization, and
performance of system resources. Maximizing virtualization involves a wide variety of
components, such as storage, network, servers, and security apparatus.


Challenges of Managing the IT Infrastructure


[Figure: challenges of managing the IT infrastructure. Labels: Outsourcing; Changing Technologies; New IT Projects; Loss of Competitive Advantage; “Free” Access for Employees; System Crashes; TRUST; Hackers & Extremists; Opportunities for FRAUD; VIRUSES]

• Outsourcing
An agreement in which one company hires another company to be responsible for
a planned or existing activity that is or could be done internally, and sometimes
involves transferring employees and assets from one firm to another.
• Changing Technologies
An exponential or hyperbolic process whereby new technologies make the
invention of further technologies easier and faster, resulting in accelerating change.
• New IT Projects
New Developments in Information Technology: Web Development, Application
Development, and Systems Development
• Loss of Competitive Advantage
Also known as the loss of future earning capacity. Injuries may cause you lots of pain.
Yet not so obvious is the suffering that continues as you watch yourself being
replaced by other equally capable candidates, or even by people with lower levels
of skill, education, or qualifications than you, all because of your injury! Fortunately,
LOCA damages may be available to compensate you for the loss of your ability to
compete in the work field.
• “Free” Access of Employees
In an organization where information lacks security, the risk of exploitation is
unavoidable, particularly if some employees have issues with the management. That is
why “free” access of employees to information or data collections is too risky.
• System Crashes
Occurs when a computer program such as a software application or an operating
system stops functioning properly and exits. When the system crashes, data may be
available or unavailable and revisions won’t be saved; this is also a common cause
of data loss.
• TRUST
Easy to Lose, Hard to Gain. Organizations are increasingly aware that their
employees can represent a significant risk. A single employee could, through just a
few clicks, download millions of customer records or transfer vast sums of money
from one account to another. In response, most businesses have processes in place
which control and monitor their staff. This ranges from limiting access rights on IT
systems and monitoring online activity to CCTV surveillance.
• Hackers & Extremists
Hackers are unauthorized users who break into computer systems to steal, change,
or destroy information. Extremists are people who hold extreme or fanatical political
or religious views, especially those who resort to or advocate extreme action. They are
sometimes hard to handle.
• Opportunities for FRAUD
The “opportunity” element of fraud refers to the circumstances that allow fraud
to occur. Without it, fraud becomes impossible. This is the only component of the
fraud triangle over which the company exercises significant, or in some
circumstances complete, control.
• Viruses
Viruses impede the normal operation of your computer, collect sensitive information, or gain
access to private networks and systems. When a computer is infected by malware, installed
programs can become corrupted or stop working altogether. Computer
performance is slowed down. Multiple copies of files are created, which occupy disk
space and leave less storage space for your files. Some malware can also spy on
your computer activity and steal data.

The following image is an example of an attack or breach in network security:


The level of knowledge required by intruders is getting steadily lower, yet their ability to
perpetrate sophisticated attacks against the survivability of systems has increased.

Contributing factors include:


• The explosion of computer and Internet availability
• Increase in broadband availability in residential areas
• Low priority of security for software developers
• Difficulty patching vulnerabilities on all systems
• Graphical user interface (GUI) based tools that exploit known software
vulnerabilities
• Availability of "malware" (malicious software) authoring/editing tools
• Introduction of tools that attempt to exploit multiple vulnerabilities


Three Aspects of Information Security


Information security consists of the methods used to protect data or information being
transmitted, in order to preserve the integrity, confidentiality, and availability of the information.

Confidentiality
The state of keeping or being kept secret/private. In ISMS, the information should be
available only to authorized individuals.
Confidentiality is the protection of transmitted data from passive attacks. The two
important concepts are:
• Data Confidentiality: Assures that private or confidential information is not disclosed
to the unauthorized user.
• Privacy: Assures that individuals control information related to them.

Availability
The state of being or otherwise unoccupied. In ISMS, information should be accessible to
those who are authorized to access it when they need it.
Availability assures that the system works correctly and service is available to authorized users.

Integrity
Internal consistency or lack of corruption in electronic data. The state of being whole or
undivided. In ISMS, the information should be modified only by authorized individuals.
Integrity assures that messages are received as sent with no duplication, insertion,
modification, reordering, or replays.
The two important concepts are:
• Data Integrity: Assures information is changed only in an authorized manner.
• System integrity: Assures that the system performs its intended function properly and
is free from unauthorized manipulation.
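
The integrity property described above (messages received as sent, with no duplication, insertion, modification, reordering, or replay) can be enforced by a receiver as in the following added example, which is not part of the original module. It assumes a shared secret key, an HMAC-SHA256 tag over each message, and a strictly increasing sequence number; the frame layout, the names `protect` and `Receiver`, and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes
SEQ_LEN = 8   # size of the big-endian sequence number


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = sequence number || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if it is authentic and is the next one in order."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # sequence number the receiver expects next

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return ("rejected", "truncated frame")
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means the frame was changed in
        # transit or was created by someone who does not hold the key.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "modification or insertion")
        seq = struct.unpack(">Q", header)[0]
        if seq < self.next_seq:
            return ("rejected", "duplication or replay")
        if seq > self.next_seq:
            return ("rejected", "reordering or missing message")
        self.next_seq += 1
        return ("accepted", payload.decode())


def demo():
    key = os.urandom(32)  # constructed shared key for the example
    rx = Receiver(key)
    m0 = protect(key, 0, b"pay 100 to alice")   # constructed sample messages
    m1 = protect(key, 1, b"pay 250 to bob")
    m2 = protect(key, 2, b"close account")

    tampered = bytearray(m1)
    tampered[SEQ_LEN + 4] ^= 0x01               # one bit of the payload changed
    inserted = protect(os.urandom(32), 1, b"pay 999 to carol")  # wrong key

    return [
        rx.accept(m0),               # authentic and in order
        rx.accept(bytes(tampered)),  # modified in transit
        rx.accept(inserted),         # inserted without the shared key
        rx.accept(m0),               # same frame delivered twice
        rx.accept(m2),               # arrives before m1
        rx.accept(m1),               # in order again
        rx.accept(m2),               # now the next expected frame
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tag alone only covers modification and insertion; duplication, replay, and reordering are caught by the sequence number, which is itself protected by the tag.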

“These three concepts are termed as CIA triad and embody fundamental security
objectives for data and information services.”

Information Security: Management Challenge or Technical Issue?

Take Note:
If you do not manage security, you will not have information security.
Why? Because it is not possible to be secure by chance.
InfoSec – Information Security

In this pie figure there are two groups of measures:
1. Organizational
2. Technical
Organizational measures depend on people complying with rules and regulations. If managers
break rules, the commitment within the team, and security, are lost.
Technical measures depend on people running technical systems at a secure level. No
capacity dedicated by management to care for security means “no security”. They depend on the
decisions of managers. Money has to be spent.
Usually, there is a gap between implemented and required measures. If nobody is
responsible, the gap persists until risk strikes in a way management can't ignore.
And last but not least: “No awareness, no security”.
The determination of criminals is the benchmark.
Three components lead to crime:
1. motivation
2. opportunity
3. determination
The “crime triangle”: if all three are present, crime strikes.
If criminals are motivated (and usually they are), they use the opportunities that companies
offer them. Then their determination to act on these opportunities decides whether a company
is a target. The only way to manage security is to reduce opportunities. Unless
management understands the opportunities from the point of view of the offenders,
measures will not be effective.

Some IT professionals categorize the factors which affect information security, namely:
• human factor
• organization factor
They believe that the review of previous research work shows that the human
factor is more important than the other factors. They also propose the division of the human
factors into two groups:
• factors that belong to management, namely workload and inadequate staffing
• factors related to the end user, namely lack of awareness, (risky) belief, (risky) behavior,
inadequate use of technology, and lack of motivation.

Five human factors determined by IT Professionals that have serious
implications to end users’ behavior:
1. Lack of Motivation
Employees need to be motivated to adopt secure behaviors and practices;
management needs to be able to identify what motivates their staff.
2. Lack of Awareness
Related to a lack of general knowledge about attacks.
Example:
• Users do not know how to spot a sign of spyware on their computer
• They do not know how important it is to specify a strong password
• They cannot protect themselves from identity theft
• Social engineering - the use of deception to manipulate individuals into divulging confidential
or personal information that may be used for fraudulent purposes.
• They do not know how to control the access of others to their devices
3. Belief
Interpreted as the users' risky belief.
Example:
• Users believe that the installation of anti-virus software is not crucial for their
information
• They are ready to click on a link when they receive an email from unknown
persons.
4. Behavior
Interpreted as the users' risky behavior or the loss of prevention behavior:
indolence in the detection and prevention of data breaches, exfiltration, or unwanted
destruction of sensitive data.
5. Inadequate Use of Technology
The finest technology cannot succeed in solving information security problems
without continuous human cooperation and the effective use of technologies.
Common Examples of inappropriate uses of technology are the following:
• Making unauthorized reconfiguration of systems
• Accessing passwords of others
• Retrieving inappropriate information
IT Professionals believe that “Giving individuals knowledge of IT Security basics
such as threats, risk, and consequences of their actions will allow individuals to
gradually adapt to constant change and hence allow us to predict expected
behavior”


Information Security Management System (ISMS) is a set of policies and procedures
for systematically managing an organization's sensitive data. The goal of an ISMS is to
minimize risk and ensure business continuity by pro-actively limiting the impact of a security
breach.
An ISMS typically addresses employee behavior and processes as well as data and
technology. It can be targeted towards a particular type of data, such as customer data,
or it can be implemented in a comprehensive way that becomes part of the company's
culture.
ISO 27001 is a specification for creating an ISMS. It does not mandate specific actions
but includes suggestions for documentation, internal audits, continual improvement, and
corrective and preventive action.


ISO (International Organization for Standardization) is an independent,
non-governmental, international organization that develops standards to ensure the quality,
safety, and efficiency of products, services, and systems.


Notable ISO Milestones


ISO 27001 standard provides complete guidance, covering everything from establishing and
implementing the framework to how it is operated and monitored. It even recommends ways to
maintain and improve your systems.

ISO 27001 works using a top-down, risk-based approach. It generates scope, taking into
account the context of the organization, planning and analyzing processes, current performance,
and addresses the findings to show where improvements can be made.

It is important to note that ISO 27001 does not work independently. Instead, it requires input
by management to examine the security risks present and take the appropriate actions based on
the threats and vulnerabilities present. Management will have to create and implement their
security controls or other forms of risk management, that is, risk avoidance or risk transfer, to
address the problems present.

The best practice is to adopt an overarching security management process that is ISO 27001
approved. This ensures that your security controls meet the required standards needed for your
organization on an ongoing basis.


However, even with a system such as this in place, you will still need to take manual action
from time to time to respond to threats and make improvements and changes to the system.
Security controls are very important; therefore, you must take the necessary time to ensure that your
system runs as efficiently as possible.

ISO 27002 standard is a collection of information security guidelines that are intended
to help an organization implement, maintain, and improve its information security
management.

ISO 27002 provides hundreds of potential controls and control mechanisms that are
designed to be implemented with guidance provided within ISO 27001. The suggested
controls listed in the standard are intended to address specific issues identified during a
formal risk assessment. The standard is also intended to provide a guide for the
development of security standards and effective security management practices.

ISO 27002 is published by the International Organization for Standardization (ISO) and
the International Electrotechnical Commission (IEC). ISO 27002 was originally named
ISO/IEC 17799, and published in 2000. It was updated in 2005 when it was accompanied by
the newly published ISO 27001. The two standards are intended to be used together, with
one complementing the other. The standards are updated regularly to incorporate
references to other ISO/IEC issued security standards such as ISO/IEC 27000 and ISO/IEC
27005, and to add information security best practices that have emerged since previous
publications. These include the selection, implementation, and management of controls
based on an organization's unique information security risk environment.

The 2013 publication of ISO 27002 contains 114 controls, including those for:
• Structure
• Security policies
• Organization of information security
• Human resources security
• IT asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• Information systems acquisition, development, maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity
• Compliance


Learning Exercises
Activities were uploaded on Google Classroom. Good Luck!

Reference:
Development Academy of the Philippines – Training Course on Information Security Management System
