HTML Lab • Chapter 2 • Mastering Information Security

Hands‑On Lab: Core Conceptual Elements of Information Security

This lab reinforces Chapter 2 using scenario‑based, model‑building activities. Open locally in any browser.

Lab Orientation

40–70 minutes

Complete the activities in order. Your score is tracked locally in the browser (no data is sent anywhere).

0
Total Points
0/5
Activities Completed
Instructor Tip: Ask learners to justify answers. Focus on building the mental model, not memorization.

Activity 1 — Build the Asset–Threat–Vulnerability–Risk–Control Chain

15 minutes • 20 pts

Use the scenario to identify elements and explain the chain.

Scenario

A shared file repository contains sensitive client documents. Access is broad, patching is irregular, and ownership is unclear.

Your analysis
Not checked yet.

Activity 2 — Classify Controls (Category & Type)

10 minutes • 15 pts

Classify at least 8 controls by category (technical/managerial/operational/physical) and type (preventive/detective/corrective/etc.).

Not checked yet.

Activity 3 — Vulnerability Lifecycle Mapping

10 minutes • 10 pts

Map how one vulnerability moves through: identification → analysis → prioritization → remediation → verification → reporting → continuous monitoring.

Not checked yet.

Activity 4 — Threat Modelling (Conceptual)

10 minutes • 10 pts

Identify threat actors, vectors, and attack surface for the scenario in Activity 1.

Not checked yet.

Activity 5 — Systemic View

10 minutes • 10 pts

Explain feedback loops: how controls change risk, how monitoring feeds back into vulnerability management.

Not checked yet.

Completion

Wrap‑up

Discuss: Which element (asset, vulnerability, threat, control) is most often misunderstood in your organization?

Next step: Move to Chapter 3 (Core Principles).
© Dr. Nader Iranpour • Mastering Information Security • Chapter 2 Lab • v1.0