Assignment 1: Review Security Fundamentals
For this first assignment, you will review some basic security concepts and consider how those concepts are applicable to you in your professional role. As part of the first discussion post, you will also introduce yourself to the rest of the class.
Background Material
In order to understand security policy, we must first understand what we mean by information security. To understand information security, it is perhaps best to start with the CIA Triad and the analysis of threats, vulnerabilities, and controls. Please review the following two pages for more information on these topics:
You may also wish to review Internet resources related to these concepts. Wikipedia is typically a good starting point for many subjects in computing, while searches related to information security will yield a mind-boggling number of potentially useful results.
Initial Post Requirements
Begin by thinking about your own professional practice. If you’re currently employed in a career position, think about your current company or a previous company. If you have yet to start your professional career, think about the kind of company where you envision working. (NOTE: If you’re working, or have worked, on systems that are classified, either use an unclassified system as your example or envision another example that does not use classified information.)
Consider these questions to consolidate your thoughts:
- What data must you keep confidential?
- What data and systems must remain unchanged by unauthorized users (integrity)?
- To which users must data and systems remain available?
- To what extent will policies that promote confidentiality and integrity make it more difficult for employees to do their work? In other words, what impacts on availability might these policies have?
- What are some threats the company faces?
- What kinds of systems at the company might be vulnerable to these threats?
- What kinds of controls are in place to try to close the vulnerabilities?
Once you are able to answer these questions, create an initial discussion post in this week’s forum. Don’t simply post answers to the above questions as if they were quiz questions! Instead, write a narrative post that describes how these basic security fundamentals apply to your current or future professional practice.
As a reminder, you must do your own writing. Use of ChatGPT or other artificial intelligence tools is NOT PERMITTED.
Completion Standards
A complete initial post for this assignment:
- Describes a company (real or imagined).
- Identifies the elements of the CIA Triad that are applicable to part of the company’s operations.
- Explains how controls for improving confidentiality and integrity might affect availability.
- Identifies threats, vulnerabilities, and controls that are relevant to part of the company’s operation.
There are no word limits or targets (minimum or maximum), but try to make the post both complete and concise.
Assessment
Successful completion of this assignment satisfies the following course student learning outcome:
- SLO 1. Engage with the information systems technology professional or academic communities through superior communication, analytical, technical, and critical thinking skills.