INTRODUCTION TO INFORMATION SYSTEMS SECURITY
Subject: Information Assurance and Security 2
Subtitle: Understanding the Basics of Information Security
Instructor: Lester R. Ladera, MIT, DM
Institution: Ramon Magsaysay Memorial Colleges-Marbel, Inc.
OBJECTIVES OF THE TOPIC
• Understand the fundamental concepts of information systems security.
• Learn the significance of confidentiality, integrity, and availability (CIA) in security.
• Explore how information security impacts individuals and organizations.
LEARNING OUTCOMES (TLOs)
• Discuss various knowledge areas in computing.
• Explain the role of information systems security in daily life and businesses.
• Analyze the CIA triad's significance in securing IT infrastructure.
WHAT IS INFORMATION SYSTEMS SECURITY?
• Definition:
o Protecting systems, networks, and data from unauthorized access, attacks, or damage.
• Purpose:
o Ensure data confidentiality, maintain integrity, and support availability.
• Key Question: Why is securing information critical in modern technology?
IMPORTANCE OF INFORMATION SYSTEMS SECURITY
• For Individuals:
o Protect sensitive data (e.g., personal information, financial details).
• For Organizations:
o Safeguard intellectual property and customer data.
• For Society:
o Maintain trust in digital services and infrastructure.
THE CIA TRIAD
• Confidentiality:
o Prevent unauthorized access to sensitive information.
o Example: Passwords, encryption, and access controls.
• Integrity:
o Ensure accuracy and reliability of data.
o Example: Data validation, checksums, and secure backups.
• Availability:
o Ensure information is accessible when needed.
o Example: Redundant systems and denial-of-service protections.
CONFIDENTIALITY IN DETAIL
• Definition: Restrict access to information to authorized users.
• Methods:
o Encryption
o Multi-factor authentication (MFA)
o Role-based access controls (RBAC)
• Real-World Example: Securing financial transactions with encryption.
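The RBAC and MFA methods above can be demonstrated in a few lines. The following is an added example, not code from the slides: a deny-by-default role-based access check in Python in which every permission must be granted explicitly by a role, and sensitive actions additionally require that the session has completed a second factor. The roles, permissions, users and the `MFA_REQUIRED` set are constructed for this illustration.

```python
"""Added example, not from the slides: deny-by-default RBAC plus an MFA
requirement for sensitive actions. Roles, permissions and users are
constructed for illustration."""
from dataclasses import dataclass, field

# Role -> set of (resource, action) pairs it grants. Anything not listed is denied.
ROLE_PERMISSIONS = {
    "teller":  {("accounts", "read"), ("transactions", "create")},
    "auditor": {("accounts", "read"), ("transactions", "read"), ("audit_log", "read")},
    "admin":   {("users", "manage"), ("audit_log", "read")},
}

# Actions that additionally require a completed second factor in this session
# (constructed policy for the example).
MFA_REQUIRED = {("users", "manage"), ("transactions", "create")}


@dataclass
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)
    mfa_verified: bool = False   # has this session completed MFA?


def is_authorized(user: User, resource: str, action: str) -> bool:
    """True only if a role held by the user grants (resource, action) and,
    for sensitive actions, the session has passed MFA. Everything else is denied,
    including unknown roles and users with no roles at all."""
    granted = any(
        (resource, action) in ROLE_PERMISSIONS.get(role, set()) for role in user.roles
    )
    if not granted:
        return False
    if (resource, action) in MFA_REQUIRED and not user.mfa_verified:
        return False
    return True


def decide(user: User, requests):
    """Evaluate a list of (resource, action) requests; return (allowed, denied) lists."""
    allowed, denied = [], []
    for resource, action in requests:
        (allowed if is_authorized(user, resource, action) else denied).append((resource, action))
    return allowed, denied


if __name__ == "__main__":
    teller = User("maria", frozenset({"teller"}))                 # no MFA yet
    auditor = User("ben", frozenset({"auditor"}), mfa_verified=True)
    guest = User("visitor", frozenset({"guest"}))                 # role defined nowhere
    checks = [("accounts", "read"), ("transactions", "create"), ("audit_log", "read")]
    for u in (teller, auditor, guest):
        ok, no = decide(u, checks)
        print(f"{u.name}: allowed={ok} denied={no}")
```

The teller can read accounts but is refused `transactions/create` until MFA is completed; the undefined `guest` role is refused everything because nothing grants it, which is the deny-by-default property that makes RBAC a confidentiality control rather than just a convenience.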
INTEGRITY IN DETAIL
• Definition: Protect data from unauthorized changes.
• Methods:
o Digital signatures
o Hash functions
o Change logs and audit trails
• Real-World Example: Ensuring medical records remain unaltered.
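To show why a plain hash is not enough on its own and how a change log fits in, here is an added example (not code from the slides) in Python: a constructed medical record is protected with a keyed hash (HMAC-SHA256), every authorized edit goes through one function that re-tags the record and appends an audit entry, and an edit made without the key is detected even though the editor recomputed the plain checksum. HMAC is used here as a symmetric stand-in for the digital signatures the slide lists; the record, key and edits are all constructed.

```python
"""Added example, not from the slides: detecting unauthorized changes to a
medical record with HMAC-SHA256 plus an append-only change log. Record, key
and edits are constructed for illustration."""
import hashlib
import hmac
import json


def canonical(record: dict) -> bytes:
    """Stable serialisation so equal records always hash to equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: dict) -> str:
    """Plain SHA-256: detects accidental corruption, but anyone who can edit the
    record can recompute it, so it does not stop deliberate tampering."""
    return hashlib.sha256(canonical(record)).hexdigest()


def tag(record: dict, key: bytes) -> str:
    """Keyed HMAC-SHA256: cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, expected_tag: str, key: bytes) -> bool:
    # compare_digest compares in constant time
    return hmac.compare_digest(tag(record, key), expected_tag)


def apply_change(record: dict, log: list, field_name: str, new_value, who: str, key: bytes) -> str:
    """Authorized update path: change the field, re-tag, record who changed what."""
    entry = {"by": who, "field": field_name, "old": record.get(field_name), "new": new_value}
    record[field_name] = new_value
    entry["tag"] = tag(record, key)
    log.append(entry)
    return entry["tag"]


def demo() -> dict:
    key = b"constructed-demo-key-do-not-reuse"
    record = {"patient_id": "P-0001", "blood_type": "O+", "allergies": ["penicillin"]}
    log = []
    stored_tag = tag(record, key)
    stored_sum = checksum(record)

    # 1. The untouched record verifies.
    intact = verify(record, stored_tag, key)

    # 2. A direct edit by someone with write access but no key. They can
    #    overwrite the stored plain checksum too, so it still "matches";
    #    the stored HMAC, which they cannot recompute, no longer does.
    tampered = dict(record, blood_type="AB-")
    stored_sum = checksum(tampered)                  # editor fixes up the checksum
    checksum_fooled = checksum(tampered) == stored_sum
    hmac_catches_it = not verify(tampered, stored_tag, key)

    # 3. An authorized change goes through apply_change, so the tag and the
    #    audit trail move together and the record still verifies.
    stored_tag = apply_change(record, log, "allergies", ["penicillin", "latex"], "dr_reyes", key)
    after_authorized = verify(record, stored_tag, key)

    return {
        "intact": intact,
        "checksum_fooled": checksum_fooled,
        "hmac_catches_it": hmac_catches_it,
        "after_authorized": after_authorized,
        "log_entries": len(log),
        "last_change_by": log[-1]["by"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The key point for the medical-records example: a checksum alone tells you the bytes were not corrupted in transit, not that nobody changed them on purpose. Pairing a keyed tag (or a true signature) with a change log answers both "was it altered?" and "who altered it, and when?".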
AVAILABILITY IN DETAIL
• Definition: Ensure reliable access to information and systems.
• Methods:
o Redundancy
o Load balancing
o Disaster recovery plans (DRPs)
• Real-World Example: E-commerce websites staying online during peak sales.
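Redundancy and load balancing are easiest to understand by watching a request survive a server failure. The following is an added example, not code from the slides: a simulated pool of web replicas behind a health-aware round-robin load balancer in Python. A failed attempt is retried on the next replica instead of reaching the client, a replica that fails is quarantined until a health check sees it back, and an exception is raised only when every replica is down. The replicas, their names and their failures are all simulated in-process; no network is involved.

```python
"""Added example, not from the slides: redundant replicas behind a
health-aware round-robin load balancer, simulated in-process."""
import itertools


class Replica:
    """A simulated backend server (constructed for the example)."""
    def __init__(self, name: str):
        self.name = name
        self.alive = True       # the real state of the server
        self.served = 0

    def handle(self, request: str) -> str:
        if not self.alive:
            raise ConnectionError(f"{self.name} is down")
        self.served += 1
        return f"{self.name} handled {request}"

    def probe(self) -> bool:
        """Lightweight health check; here it simply reports liveness."""
        return self.alive


class AllReplicasDown(Exception):
    pass


class LoadBalancer:
    def __init__(self, replicas):
        self.replicas = list(replicas)
        self._cycle = itertools.cycle(self.replicas)
        self.quarantined = set()   # names of replicas believed to be down

    def dispatch(self, request: str) -> str:
        """Round-robin over replicas; a failed attempt is retried on the next
        healthy replica instead of being surfaced to the client."""
        for _ in range(len(self.replicas)):
            replica = next(self._cycle)
            if replica.name in self.quarantined:
                continue
            try:
                return replica.handle(request)
            except ConnectionError:
                self.quarantined.add(replica.name)   # remember the failure
        raise AllReplicasDown(f"no healthy replica left for {request}")

    def health_check(self) -> set:
        """Probe quarantined replicas and bring recovered ones back into rotation."""
        recovered = {r.name for r in self.replicas if r.name in self.quarantined and r.probe()}
        self.quarantined -= recovered
        return recovered


def simulate() -> dict:
    a, b, c = Replica("web-a"), Replica("web-b"), Replica("web-c")
    lb = LoadBalancer([a, b, c])
    served_by = []

    for i in range(3):                      # normal operation: a, b, c in turn
        served_by.append(lb.dispatch(f"order-{i}").split()[0])

    b.alive = False                         # one server crashes mid-sale
    for i in range(3, 7):                   # clients still get answers
        served_by.append(lb.dispatch(f"order-{i}").split()[0])

    b.alive = True                          # operations bring it back
    recovered = lb.health_check()
    served_by.append(lb.dispatch("order-7").split()[0])

    a.alive = b.alive = c.alive = False     # redundancy exhausted
    try:
        lb.dispatch("order-8")
        outage_reported = False
    except AllReplicasDown:
        outage_reported = True

    return {"served_by": served_by, "recovered": recovered,
            "quarantined": sorted(lb.quarantined), "outage_reported": outage_reported}


if __name__ == "__main__":
    print(simulate())
```

Note what the client sees: orders 3 to 6 are answered by `web-a` and `web-c` while `web-b` is down, with no error in between, which is the peak-sales property the slide describes. The final case, where every replica is down, is exactly what a disaster recovery plan exists for; load balancing cannot route around a failure it has no spare capacity for.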
DISCUSSING KNOWLEDGE AREAS IN COMPUTING
• Core Areas:
o Software development
o Networking
o Data management
o Cybersecurity
• Why It Matters: Security concerns intersect with every aspect of computing.
INFORMATION SYSTEMS SECURITY AND ITS EFFECTS
• On Businesses:
o Reduces financial losses from breaches.
o Ensures compliance with legal regulations.
• On People:
o Builds trust in digital interactions.
o Protects privacy and personal freedoms.
REAL-LIFE BREACH EXAMPLES
• Case Study 1: Data breach at a major financial institution.
o Cause: Weak password policies.
o Effect: Financial loss and reputation damage.
• Case Study 2: Ransomware attack on a hospital.
o Cause: Unpatched software.
o Effect: Service disruption and ransom payment.
THREATS TO INFORMATION SECURITY
• External Threats:
o Hacking
o Phishing
o Malware
• Internal Threats:
o Insider threats
o Misconfigurations
HOW TO MITIGATE THREATS
• Implement strong security policies.
• Use advanced tools like firewalls and intrusion detection systems.
• Conduct regular employee training on cybersecurity.
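One concrete form of the "intrusion detection" mentioned above, tied to the weak-password case study earlier in the deck, is watching the authentication log for repeated failed logins from one source. The following is an added example, not code from the slides: a small Python detector that parses constructed sshd-style log lines, raises a "brute-force" alert when one source address accumulates a threshold of failures inside a sliding time window, and raises a higher-priority "success-after-burst" alert when a login from that same source then succeeds. The log lines, the addresses (documentation ranges), the threshold and the window are all constructed for this illustration.

```python
"""Added example, not from the slides: detection logic for repeated failed
logins over constructed sshd-style log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source hammers several accounts, then gets in;
# another source has a single typo and logs in later.
LOG_LINES = """\
2024-03-01T09:00:01 sshd[1201]: Failed password for alice from 203.0.113.7 port 51522
2024-03-01T09:00:03 sshd[1203]: Failed password for alice from 203.0.113.7 port 51523
2024-03-01T09:00:04 sshd[1205]: Failed password for admin from 203.0.113.7 port 51524
2024-03-01T09:00:06 sshd[1207]: Failed password for root from 203.0.113.7 port 51525
2024-03-01T09:00:08 sshd[1209]: Failed password for alice from 203.0.113.7 port 51526
2024-03-01T09:00:10 sshd[1211]: Accepted password for alice from 203.0.113.7 port 51527
2024-03-01T09:05:00 sshd[1300]: Failed password for bob from 198.51.100.4 port 40001
2024-03-01T09:20:00 sshd[1301]: Accepted password for bob from 198.51.100.4 port 40002
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(lines):
    """Yield (timestamp, result, user, ip) for every line that matches the format."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return a list of (kind, ip, detail) alerts.

    brute-force:         `threshold` failures from one ip inside `window`
    success-after-burst: a successful login from an ip already flagged
    """
    alerts = []
    failures = defaultdict(list)   # ip -> timestamps of recent failed logins
    flagged = set()
    for ts, result, user, ip in parse(lines):
        if result == "Failed":
            # keep only failures still inside the sliding window
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute-force", ip,
                               f"{len(failures[ip])} failed logins within {int(window.total_seconds())}s"))
        elif ip in flagged:
            alerts.append(("success-after-burst", ip,
                           f"login for {user} succeeded after repeated failures"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in detect(LOG_LINES):
        print(f"[{kind}] {ip}: {detail}")
```

The second alert kind is the one worth paging on: a burst of failures followed by success is the log signature of the weak-password breach in Case Study 1, and the response (lock the account, force a password reset, check what the session did) follows directly from the incident response plan discussed later in the deck. The single failure from `198.51.100.4` correctly produces nothing.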
THE ROLE OF POLICIES IN SECURITY
• Definition: Guidelines to ensure consistent security practices.
• Components:
o Acceptable use policies
o Incident response plans
o Compliance guidelines
SECURITY FRAMEWORKS
• Examples:
o ISO 27001: International standard for information security management.
o NIST Cybersecurity Framework: U.S.-based framework for reducing cyber risks.
• Why Use Frameworks? Standardizes practices and simplifies compliance.
IMPORTANCE OF AWARENESS
• For Individuals:
o Stay vigilant against phishing and scams.
• For Organizations:
o Foster a culture of security.
o Regular awareness campaigns.
CLASSROOM DISCUSSION ACTIVITY
• Scenario:
o You are the IT security officer at a company. Identify threats and propose solutions for the following:
o A phishing email.
o Unauthorized access to a secure file.
• Objective: Encourage critical thinking and application of the CIA triad.
SUMMARY
• Key Points:
o The CIA triad is fundamental to information security.
o Information security protects individuals, businesses, and society.
o Effective policies and frameworks reduce risks.
• Takeaway: Secure information systems are a shared responsibility.
Q&A AND NEXT STEPS
• Questions: Open the floor to clarify concepts and address doubts.
• Next Session: Evolution of the Internet of Things (IoT) and its impact on security.
THANK YOU!
