Terminus System
Lab Portal • Mastering Information Security

Hands‑On Labs — Chapters 1 to 4

Difficult • Scenario-based • Thinking-oriented • Offline • Single File

How to use: Each chapter contains 2–3 scenario-based labs. Students write justified answers. This is not a quiz — it is a thinking lab.

Chapter 1 — The Essence of Information Security

Scenario 1 — Board Brief

Define Information Security for executives (scope, purpose, accountability). Contrast with cybersecurity.

Scenario 2 — Principles under Pressure

Pick 6 principles (Defense-in-Depth, Least Privilege, Secure by Default, etc.) and explain how they constrain a cloud migration.

Scenario 3 — Security Myths

Explain why “tools make us secure” is a flawed belief.

Chapter 2 — Core Conceptual Elements

Scenario 1 — Build the Risk Chain

Identify assets, vulnerabilities, threats, attacks, and risks. Propose controls and explain the chain.

Scenario 2 — Control Design

Classify your controls by category (technical, managerial, operational, physical) and type (preventive, detective, etc.).

Scenario 3 — Systemic View

Explain the Asset–Threat–Vulnerability–Risk–Control model as a system.

Chapter 3 — Core Principles

Scenario 1 — CIA Trade-offs

For a remote access system, propose 6 decisions and map each to CIA with trade-offs.

Scenario 2 — AAA Flow

Describe Identification → Authentication → Authorization → Accounting for the same system.

Scenario 3 — ISMS Levels

What belongs to the Strategic vs Tactical vs Operational levels of an ISMS?

Chapter 4 — Information Security Guidance

Scenario 1 — Choose Guidance

Select guidance for planning, incident handling, logging, configuration, measurement, and a sector need. Justify each.

Scenario 2 — Avoid Checklist Thinking

Explain how guidance supports decisions rather than becoming compliance theater.

Scenario 3 — Governance View

Map your selected guidance to governance, operations, and technical layers.