Republic of the Philippines

OCCIDENTAL MINDORO STATE COLLEGE

Labangan, San Jose, Occidental Mindoro
Website: www.omsc.edu.ph Email address: omsc_9747 @gmail.com
CERTIFIED TO ISO 9001:2015
Tele/Fax: (043) 457-0231 CERT. NO.: 50500643 QM15

Learning Module
in
INFORMATION SECURITY

Compiled by:
KHARINE M. REYNO, PhD

The compiler does not own any of the contents of this learning module. Due credits and
acknowledgment are given to the authors, internet sources, and researchers listed on the reference
page. Such sources are reserved to further explain concepts and cannot be credited to the compiler
and the school. All diagrams, charts, and images are used for educational purposes only. The sole
objective of this instructional material is to facilitate independent learning and not for monetary gains
because this is NOT FOR SALE.

2020 Edition
 Republic of the Philippines
OCCIDENTAL MINDORO STATE COLLEGE
Labangan, San Jose, Occidental Mindoro
Website: www.omsc.edu.ph Email address: omsc_9747 @gmail.com
CERTIFIED TO ISO 9001:2015
Tele/Fax: (043) 457-0231 CERT. NO.: 50500643 QM15

APPROVAL SHEET

This Instructional Material entitled LEARNING MODULE IN INFORMATION SECURITY, compiled

by KHARINE M. REYNO (A.Y. 2020-2021), is recommended for production and utilization by the students
and faculty members of the Occidental Mindoro State College.

PANEL OF EVALUATORS

Local Evaluation Committee

College of Criminal Justice Education

ANTONINO P PERALTA JR., MSCA MARY GRACE F. BAROLO, PhD

Member Member

KHARINE M. REYNO, PhD

Chairperson

Overall Instructional Materials Development Committee

VENESSA S. CASANOVA, PhD MA. IMELDA C. RAYTON, MAEd

Member Member

Recommending Approval:

JESSIE S. BAROLO, JR., MAEd

Chairperson

Approved:

ELBERT C. EDANIOL, EdD

Vice President for Academic Affairs
 DEDICATION

I wish to record my profound sense of gratitude and passionate thanks to the courser.org online class
which I have used as part of my references in completing this materials. Their lecture/videos have not
only helped me in gathering the necessary data but they also enrich my knowledge in the field of
Information security.
 REPUBLIC OF THE PHILIPPINES
OCCIDENTAL MINDORO STATE COLLEGE
Rizal Street, San Jose, Occidental Mindoro 5100
Website: www.omsc.edu.ph Email address: omsc_9747@yahoo.com
Tele/Fax: (043) 491-1460
CERTIFIED TO ISO 9001:2015

College of Criminal Justice Education CERT. NO.: 50500643 QM15

Main Campus

BACHELOR OF SCIENCE IN INDUSTRIAL SECURITY MANAGEMENT

OBE COURSE SYLLABUS

OMSC VISION
A premier higher education institution that develops locally responsive, globally competitive and innovative professionals.
OMSC MISSION
The OMSC exists to produce intellectual and human capital by developing excellent graduates, through outcomes-based instruction, relevant research, responsive technical advisory services, and
sustainable production.
COLLEGE OF CRIMINAL JUSTICE EDUCATION GOAL
To produce law enforcement officers who walk with Honor and Pride as gentlemen and women compassionate yet just in delivery of public- service.
COURSE TITLE: Information Security
COURSE DESCRIPTION: This course study the practices intended to keep data secure from unauthorized. It is also study the different processes and methodologies which are designed and
implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized use, misuse, disclosure, destruction, modification, or disruption.
COURSE CODE: FS 3
CREDIT UNITS: 3
PREREQUISITES: FS 1
PROGRAM GOAL: This program aims to provide its graduate with the following:
A strong foundation on fundamental theories of industrial security and its administration and understanding of constitutional guarantees of security;
Ability to prepare programs for best approaches and practical application of these fundamental theories and concerns;
A comprehensive knowledge of the diverse issues and concerns affecting security in the industrial setting;
Competencies in the design of basic security system and their operation and functions such as but not limited to corporate and organizational security, internal office security, business and
commercial security, executive protection, intelligence and investigation as well as security for vital infrastructures such but not limited to seaports, airports, and the like;
 Knowledge, skills, attitude and values for professional careers in Industrial Security Management and the practice of security profession such as:
o Security requirements of various installations of vital importance;
o Private and public security and loss prevention system and the role of Industrial Security Management in their operations;
o Executive protection and security to high-profile individuals;
o Information technology security; and
o Crime prevention and investigation and law enforcement as provided for under existing laws.
Skills and competencies that will make them globally competitive and at par with current international trends.
PROGRAM OUTCOMES: The graduates have the ability to:
conduct cost-effective security survey, audit, and inspection for private and public institutions.
conduct risk and impact analysis and loss event profiling for enterprises and state-owned establishments.
develop and implement competitive intelligence, security and corporate investigation programs.
plan and manage any form of contingencies and emergencies and contain crisis.
formulate and implement security management plans and programs including business continuity plan and management.
organize, develop and operate a security guard force and private detective agency.
COURSE OUTCOMES: (knowledge, values and skills all learners are expected to demonstrate at the end of the course)
can able to express the key concepts of the information security
Identify different security services cryptography can provide.
List the different threats that affect computers and networks
Explain the need of effective security management
Classify the actors in the model of the cyber security industry

COURSE OUTLINE
Week Desired Learning Outcomes Course Content Textbooks/ References Teaching/Learning Resource Assessment
Activities Materials
Internalize the Vision , Mission and Vision, Mission and Core Values manual
1
Core Values handbook
Explain the concepts and issues Juvenile Justice System  RA 9344
1 hr
related in juvenile delinquency
Express some of the key LESSON 1 Fulgencio, Eduardo M., reading/video IM Module Matching type/ on
concepts around information INTRODUCTION TO Security Management discussion or Web link introduction to
2-3 security INFORMATION SECURITY Principles Techniques and reflections Video information security
Application, (2016) Google
1. What is information security? classrooms
 Relate knowledge areas to the 2. Concepts and models: the CIA https://www.csoonline.com/article/3 web quests (Links Google Docs Essay/ on RMIAS,
discipline of information/cyber Triad 513899/what-is-information- to an external Cellphone information security,
security-definition-principles-and-
security 3. Concepts and models: the jobs.html site) Laptop digital forensic
Summarize the CIA Triad and RMIAS model https://www.geeksforgeeks.org/ Individual research Reflection paper topic:
show an appreciation of the 4. Exploring the core knowledge what-is-information-security/ Why information
more extensive RMIAS model. areas within information security security is needed?
Collection of Outputs:
September 21-25, 2020
Justify why we need LESSON 2 Fulgencio, Eduardo M., reading/video IM Module Create encrypted and
cryptography. INTRODUCTION TO Security Management discussion or Web link decipher messages.
Identify different security CRYPTOGRAPHY Principles Techniques and reflections Video True or False test
services cryptography can 1. Origin of Cryptography Application, (2016) web quests (Links Google /traditional ciphers
provide. 2. Modern Cryptography to an external classrooms Essay / algorithms and
Explain the different roles of 3. Cryptosystem https://www.tutorialspoint.com/c site) Google Docs encryptions
cryptographic algorithms and 4. Attacks on Cryptosystem ryptography/traditional_ciphers. Individual research Cellphone Reflection paper topic:
4-9 keys. 5. Traditional Ciphers htm Laptop Why we need
Recognize how and where 6. Modern Symmetric Key cryptography?
cryptographic protection can fail. Encryption Collection of Outputs:
Appraise the role cryptography 7. Advanced Encryption Standard September 21-25, 2020
plays in real applications. 8. Public Key Encryption
Evaluate different perspectives 9. Data Integrity in Cryptography
on control of cryptography. 10. Cryptography Digital Signature
11. Public Key Infrastructure
List the different threats that LESSON 3 Fulgencio, Eduardo M., reading/video IM Module Identification and
affect computers and networks NETWORK AND COMPUTER Security Management discussion or Web link Essay test / network
Summarize the risks that exist SECURITY Principles Techniques and reflections Video and computer security.
when information is transmitted Application, (2016) web quests (Links Google Reflection paper topic:
through a network 1. Network security https://enterprise.comodo.co to an external classrooms why computer security
10-11 Relate some network 2. Computer security m/blog/what-is-network- site) Google Docs is important?
technologies with the main security/ Individual research Cellphone
security protocols that enable https://www.forcepoint.com/c Laptop Collection of Outputs:
their protection yber-edu/network-security November 16-20, 2020
 Define authentication and
authorization
List some of the kinds of
vulnerabilities that may affect a
computer system
Explain the need of effective LESSON 4 Fulgencio, Eduardo M., reading/video IM Module Essay/ security
security management SECURITY MANAGEMENT Security Management discussion or Web link management
Outline the activities involving Principles Techniques and reflections Video Research output topic:
risk and incident management 1. Standards, Security Policies Application, (2016) web quests (Links Google Data privacy act in the
Identify the main factors that and Controls to an external classrooms Philippines and
affect risk assessment 2. Risk Management https://www.jstor.org/stable/p site) Google Docs compare it to the other
12-14
Define security control, security 3. Legal Regulation df/j.ctt5hh3wf.7.pdf?refreqid= Individual research Cellphone Asian Country.
policies and risk excelsior%3A97a2ce96be55 Laptop
Identify the regulations that 8bb98da449fb711ee358 Collection of Outputs:
should be considered within the November 16-20, 2020
Information Security
Management System
Describe a model of the LESSON 5 Fulgencio, Eduardo M., reading/video IM Module Essay/ cyber security
information security industry THE CYBER SECURITY Security Management discussion or Web link industry and careers.
Classify the actors in the model INDUSTRY AND CAREERS Principles Techniques and reflections Video Reflection paper topic:
of the cyber security industry Application, (2016) web quests (Links Google why there is a need to
Give examples of professional 1. Modelling and Information to an external classrooms professionalizing the
bodies and their influence on Security Industry site) Google Docs cyber and information
the security industry http://www.cpni.gov.uk Individual research Cellphone security practitioners?
14-17
Summarize some of the roles 2. Roles and careers in the Laptop
and careers available in the information security industry Collection of Outputs:
security industry November 16-20, 2020
Create a career plan and 3. Professionalization of the
determine the potential information security industry
educational milestones to help
achieve the plan
SUGGESTED LEARNING RESOURCES:
 http://aaronbazar.com/wiki/Reference_Model_of_Information_Assurance_and_Security
COURSE REQUIREMENTS  Reflection Paper
 Research Paper
 Reading of Modules
 Activities and Quizzes
 Major Examinations
Learning Activities =40%
Major Exam =40%
GRADING SYSTEM
100%
*Final Rating = Midterm (40%) + Final Term (60%)
Attendance
This shall be on flexible learning environment; a combination of modular and online platform
Incomplete Grade:
COURSE POLICIES 1. Students who were not able to take the midterm/final examinations will receive an incomplete grade.
COURSE REQUIREMENTS 2. Incomplete grade should be complied within one year.
Discipline:
Academic honesty is expected from students enrolled in this course. Cheating on examination, unauthorized collaboration and plagiarism
constitute academic dishonesty and may be ground for a failing grade and/or disciplinary action.
Prepared by: Noted: Approved:

MARY GRACE F. BAROLO, PhD

KHARINE M. REYNO, PhD Program Head ELBERT C. EDANIOL, EdD
Instructor Vice President for Academic Affairs
Recommending Approval:

KHARINE M. REYNO, PhD _________________

_____________________ Dean Date
Date _____________________
Date
 PREFACE

Security is the greatest challenge for computer and information system in the society today. Many
users have lost data due to viruses, both on home and business computers. Most of us have
seen a range of emails massages attempting different kinds of fraud. Vulnerabilities are
everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security
is not limited to secrecy and confidentiality, but also involves problems like integrity, availability,
and effectiveness of information. Moreover, security issues can potentially affect all of us, from
innocent home users to companies and even governments.

Security is not just a technical problem but needs to be embedded throughout an organization to
be effective. As such good security solutions build on a complete understanding of the values at
stake, and the supporting business processes and requirements. This includes people as well as
information systems and physical resources. Consequently, raising security awareness and
embedding security within roles and policies is as important, if not more, as secure software. In
short, secure solutions can only be implemented with both good technical skills and a good
understanding of the people.

This module aims to promote awareness for the wide range of information security methodologies
and processes which are designed and implemented to protect print, electronic, or any other form
of confidential, private and sensitive information or data from unauthorized use, misuse,
disclosure, destruction, modification, or disruption.
 TABLE OF CONTENTS

Lesson 1: Introduction to Information Security

What is Information Security 1
Concepts and Model: the CIA Triad 2
Concepts and Models: the RMIAS Model 4
Exploring the Core Knowledge Areas within Information Security 6
Assessment 8

Lesson 2: Introduction to Cryptography

Origin of Cryptography 10
Modern Cryptography 12
Cryptosystem 14
Attach on Cryptosystem 19
Traditional Ciphers 22
Modern Symmetric Key Encryption 28
Advance Encryption Standards 34
Public Key Encryption 40
Data Integrity in Cryptography 45
Cryptography Digital Signature 45
Public Key Infrastructure 47
Assessment 52

Lesson 3: Network and Computer Security

Network Security 54
Computer Security 56
Assessment 58

Lesson 4: Security Management

Standards, Security Policies and Controls 60
Risk Management 61
Legal Regulation 63
Assessment 66

Lesson 5: The Cyber Security Industry and Careers

Modelling and Information Security Industry 68
Roles and Career in the Information Security Industry 73
Professionalization of the Information Security Industry 76
Assessment 81

References 83