1

Module for Information Assurance and Security 2

Welcome to the Module for Information Assurance and Security 2 . This module
allows the students to have gain the following learning outcomes:

COURSE LEARNING OUTCOME

CLO1 Evaluate the purpose and function of cybersecurity technology identifying the tools
and systems that reduce the risk of data breaches while enabling vital organization
practices;
CLO2 Implement systems, apply tools, and use concepts to minimize the risk to an
organization’s cyberspace to address cybersecurity threats;
CLO3 Develop policies and procedures needed to respond and remediate a cyber-attack on a
credit card system and describe plan to restore functionality to the infrastructure.
CLO4 Plan and perform a social engineering attack with penetration test (active
attacks/passive attacks) against an organization’s network. (NOTE: Educational activities
related to these outcomes should only be carried out in controlled circumstances and with
appropriate authorizations.

It has 7 modules:

Module 1: Information States

Module 2: Digital Security Services
Module 3: Digital Forensic
Module 4: Digital Security Domains
Module 5: Digital Attacks
Module 6: Advanced Digital Security Mechanisms (Countermeasures)
Module 7: Digital Vulnerabilities

TABLE OF CONTENTS

2
Module 1: Information States ........................................................................................4
Lesson 1: Transmission ..........................................................................................5
Lesson 2: Storage..................................................................................................11
Lesson 3: Processing.............................................................................................16
Lesson 4: Digital Security Services......................................................................21
REFERENCE........................................................................................................27
Module 2: Digital Security Services............................................................................28
Lesson 1: Availability and Integrity......................................................................29
Lesson 2: Confidentiality......................................................................................36
Lesson 3: Authentication......................................................................................45
Lesson 4: Non-repudiation....................................................................................53
REFERENCE........................................................................................................62
Module 3: Digital Forensic...........................................................................................63
Lesson 1: Legal System........................................................................................64
Lesson 2: Digital forensics and its relationship to other forensic disciplines.......72
Lesson 3: Rules of Evidence.................................................................................78
Lesson 4: Digital evidence....................................................................................83
REFERENCE........................................................................................................88
Module 4: Digital Security Domains............................................................................89
Lesson 1: Security Awareness..............................................................................90
Lesson 2: Designing and Implementing Secure Systems...................................102
Lesson 3: Networking.........................................................................................111
Lesson 4: Web Systems......................................................................................119
REFERENCE......................................................................................................126
Module 5: Digital Attacks..........................................................................................127
Lesson 1: Social engineering..............................................................................128

Lesson 2: Denial of service ................................................................................135

Lesson 3: Protocol, Active, and Passive Attacks................................................142
Lesson 4: Buffer overflow attacks......................................................................150
REFERENCE.............................................................................................................156
Module 6: Advanced Digital Security Mechanisms (Countermeasures) ..................157
Lesson 1: Cryptography and Cryptosystems......................................................158
Lesson 2: Symmetric & asymmetric ..................................................................164

3
 Lesson 3: Implementation and Authentication ..................................................172
Lesson 4: Redundancy and Intrusion Detection................................................179
REFERENCE.............................................................................................................185
Module 7: Digital Vulnerabilities ..............................................................................186
Lesson 1: Perpetrators: Internal and External Attacks........................................187
Lesson 2: Black Hat and White Hat ...................................................................193
Lesson 3: Ignorance and Carelessness................................................................199
Lesson 4: Vulnerabilities Of An Organization: Hardware and Software ..........210
REFERENCE.............................................................................................................219