HTML Lab • Chapter 1 • Mastering Information Security

Hands‑On Lab: The Essence of Information Security

This lab reinforces the core concepts from Chapter 1 using practical mini‑activities. You can run it offline: open this file in any browser. No internet required.

Lab Orientation

5–10 minutes

Complete the activities in order. Your score is tracked locally in the browser (no data is sent anywhere).

Instructor Tip: Ask learners to justify answers in one sentence. The goal is security thinking, not memorization.

Activity 1 — Classify Information (Digital / Physical / Verbal)

10 minutes • 10 pts

Drag each item into the correct category. Then click Check.

Items to classify
Customer database in a cloud service
Printed HR files in a cabinet
Strategy discussion in a meeting room
Source code repository
Whiteboard notes after a workshop
A password shared over the phone

Digital: Stored/processed electronically
Physical: Paper, printouts, artifacts
Verbal: Spoken, heard, remembered

Activity 2 — Cybersecurity vs Information Security

7 minutes • 8 pts

Select the most accurate statement.

Which statement is most accurate?

Activity 3 — Map Controls to the CIA Triad

10 minutes • 12 pts

For each control, pick the primary CIA objective it supports.

1) Encrypt data at rest
2) Change control and approvals for production updates
3) Redundant systems + tested backups

Activity 4 — Security Myths: Myth or Reality?

8 minutes • 10 pts

Mark each statement as a Myth or Reality.

1) “If we buy the right tools, we will be secure.”
2) “Security is an organizational discipline, not only an IT function.”
3) “Trust should be engineered and governed, not assumed.”

Activity 5 — TPSRSR in Practice (Insider Risk Design)

12 minutes • 15 pts

Read the scenario and propose design improvements using TPSRSR. Then compare with the model answer.

Scenario

A single payroll administrator can: create employees, change bank accounts, approve payroll, and export payroll reports. There is no peer review. Audits happen annually.

Your response (3–6 bullets)

Activity 6 — One‑Page Security Definition (Your Organization)

15 minutes • 20 pts

Write a short definition of information security for a non‑technical leader. Include: scope (all forms), purpose (trust/resilience/continuity), and accountability.

Your one‑page definition

Completion

Wrap‑up

If you are using this in class, discuss: Which activity changed your understanding the most—and why?

Next step: Move to Chapter 2 (Core Elements) and repeat the same pattern: definition → boundaries → principles → governance → practice.