SCIA 120 · Week 14
Introduction to Secure Computing and Information Assurance

Security Practices, Risk Management, and Compliance

Author: Dr. Zhijiang Chen (Frostburg State University)

Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where security practices, risk management, and compliance affects users, data, or operations.
Instructor: How would you recognize security practices, risk management, and compliance in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Security technology alone cannot protect an organization.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
[Slide visual: RISK = ASSET x THREAT x IMPACT]
Dr. Zhijiang Chen · Frostburg State University
Week 14 deck

Overall roadmap

The week moves from core definitions to practical security decisions.

Introduction

Core reading concept for Week 14.

Information Security Risk Management

Core reading concept for Week 14.

Asset Identification and Valuation

Core reading concept for Week 14.

Threat Identification and Threat Intelligence

Core reading concept for Week 14.

Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where overall roadmap affects users, data, or operations.
Instructor: How would you recognize overall roadmap in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Introduction

Learning objectives

Students should explain, apply, and evaluate the week’s main security ideas.

Explain Introduction.
Explain Information Security Risk Management.
Explain Asset Identification and Valuation.
Explain Threat Identification and Threat Intelligence.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where learning objectives affects users, data, or operations.
Instructor: How would you recognize learning objectives in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Explain Introduction.

Opening scenario

Use a realistic scenario to anchor Security Practices, Risk Management, and Compliance in operational decision-making.

Security technology alone cannot protect an organization.
Encryption protects data at rest but not the application that decrypts it.
The gap between having security tools and actually being secure is bridged by security practices — the organizational processes, methodologies, governance frameworks, and human…
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where opening scenario affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Security technology alone cannot protect an organization.

Introduction

Security technology alone cannot protect an organization.
Encryption protects data at rest but not the application that decrypts it.
The gap between having security tools and actually being secure is bridged by security practices — the organizational processes, methodologies, governance frameworks, and human…
Together, these practices constitute information security management — the discipline that transforms technical security into organizational security.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where introduction affects users, data, or operations.
Instructor: What problem does introduction help us understand?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Security technology alone cannot protect an organization.

Information Security Risk Management

Risk management is the systematic process of identifying, assessing, and treating risks to organizational assets.
It is not about eliminating all risk — that is impossible.
It is about making informed decisions about which risks to accept, which to mitigate, and how much to invest in doing so.
NIST SP 800-30 (Guide for Conducting Risk Assessments) is the foundational U.S.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where information security risk management affects users, data, or operations.
Instructor: How would you recognize information security risk management in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Risk management is the systematic process of identifying, assessing,…

Asset Identification and Valuation

You cannot protect what you do not know you have.
Asset inventory is the starting point of risk management.
An information asset is anything of value to the organization that processes, stores, or transmits information: servers, databases, applications, endpoint devices, network…
Assets are characterized by their value — both quantitative (replacement cost, revenue generated, regulatory penalty exposure) and qualitative (reputational value, operational…
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where asset identification and valuation affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: You cannot protect what you do not know you have.

Threat Identification and Threat Intelligence

A threat is a potential cause of an unwanted incident that could result in harm to the organization.
Threats are characterized by their source (who or what is behind them) and event (what they might do).
Threat intelligence can be consumed from commercial providers (CrowdStrike, Mandiant), government sources (CISA advisories, FBI flash alerts), industry sharing groups (ISACs —…
Intelligence is operationalized into security controls: blocking known-malicious IPs, updating detection signatures, patching actively exploited vulnerabilities.
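The step of turning intelligence into a control can be shown as a small matcher. This is an added example, not part of the original deck: the feed entries, allowlist, and log format are constructed, the addresses come from documentation ranges, and the campus resolver address is hypothetical.

```python
import ipaddress
import re
from datetime import date

# Constructed feed: RFC 5737 documentation addresses, not real indicators.
FEED = [
    {"indicator": "192.0.2.0/24", "source": "isac-share", "expires": "2030-01-01"},
    {"indicator": "198.51.100.7", "source": "gov-advisory", "expires": "2030-01-01"},
    {"indicator": "203.0.113.50", "source": "gov-advisory", "expires": "2020-01-01"},
    {"indicator": "10.20.0.0/16", "source": "vendor-feed", "expires": "2030-01-01"},
    {"indicator": "not-an-ip", "source": "vendor-feed", "expires": "2030-01-01"},
]
# Hypothetical campus DNS resolver that a bad feed entry must never block.
ALLOWLIST = ["10.20.0.53"]

# Constructed firewall log lines in a made-up key=value format.
LOG_LINES = [
    "2025-04-28T09:14:02Z ALLOW src=10.20.5.17 dst=192.0.2.44 dport=443",
    "2025-04-28T09:14:09Z ALLOW src=10.20.5.17 dst=198.51.100.200 dport=443",
    "2025-04-28T09:15:40Z DENY src=10.20.8.3 dst=198.51.100.7 dport=22",
    "2025-04-28T09:16:01Z ALLOW src=10.20.9.9 dst=203.0.113.50 dport=80",
    "truncated line without fields",
]
LOG_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")


def load_indicators(feed, today, allowlist):
    """Split feed entries into usable networks and rejected entries with a reason."""
    protected = [ipaddress.ip_network(a) for a in allowlist]
    active, rejected = [], []
    for item in feed:
        try:
            net = ipaddress.ip_network(item["indicator"], strict=False)
        except ValueError:
            rejected.append((item["indicator"], "malformed"))
            continue
        if date.fromisoformat(item["expires"]) < today:
            rejected.append((item["indicator"], "expired"))
        elif any(net.overlaps(p) for p in protected):
            # Blocking this range would cut off a protected internal service.
            rejected.append((item["indicator"], "overlaps allowlist"))
        else:
            active.append((net, item["source"]))
    return active, rejected


def match_logs(lines, active):
    """Return one hit per log line whose destination falls inside an active indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped here, counted separately in production
        ts, action, src, dst, _dport = m.groups()
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        for net, source in active:
            if dst_ip in net:
                hits.append({"time": ts, "action": action, "src": src,
                             "dst": dst, "indicator": str(net), "source": source})
                break
    return hits


def allowed_through(hits):
    """Hits the firewall permitted: these hosts need investigation, not just a new rule."""
    return [h for h in hits if h["action"] == "ALLOW"]


if __name__ == "__main__":
    active, rejected = load_indicators(FEED, date(2025, 4, 28), ALLOWLIST)
    for indicator, reason in rejected:
        print("rejected", indicator, reason)
    for hit in match_logs(LOG_LINES, active):
        print(hit)
```

Rejected entries matter as much as matches: an expired or over-broad indicator pushed straight into a block list causes outages without reducing risk.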
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where threat identification and threat intelligence affects users, data, or operations.
Instructor: How would you recognize threat identification and threat intelligence in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: A threat is a potential cause of an unwanted incident that could…

Risk Treatment Options

After identifying and assessing risks, organizations choose how to treat them:
- Mitigate (Reduce): Implement controls to reduce the likelihood or impact of the risk. Patching vulnerabilities, adding MFA, encrypting data, and deploying firewalls are all mitigation measures.
- Transfer: Shift the financial consequences of the risk to a third party, typically through cyber insurance. Transfer does not eliminate the operational impact of a breach — it addresses the financial liability.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where risk treatment options affects users, data, or operations.
Instructor: What problem does risk treatment options help us understand?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: After identifying and assessing risks, organizations choose how to…

Security Metrics and KPIs

Effective risk management requires measurement.
Security Metrics and KPIs connects to risk, controls, and evidence.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where security metrics and KPIs affects users, data, or operations.
Instructor: How would you recognize security metrics and KPIs in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Effective risk management requires measurement.

Vulnerability Assessment and Penetration Testing

Understanding the weaknesses in your own systems before attackers find them is a cornerstone of proactive security.
Two complementary approaches serve this purpose:
Vulnerability Assessment and Penetration Testing connects to risk, controls, and evidence.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where vulnerability assessment and penetration testing affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Understanding the weaknesses in your own systems before attackers…

Vulnerability Assessment

A vulnerability assessment is a systematic examination of systems to identify known vulnerabilities — unpatched software, misconfigured services, default credentials, missing…
It is primarily a discovery exercise: here is what is wrong, here is the severity, here is how to fix it.
Vulnerability assessments are typically performed using automated scanning tools: Nessus, Qualys, OpenVAS, Rapid7 InsightVM.
They should be run regularly (weekly or monthly for critical systems) and after significant infrastructure changes.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where vulnerability assessment affects users, data, or operations.
Instructor: How would you recognize vulnerability assessment in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: A vulnerability assessment is a systematic examination of systems to…

Penetration Testing

A penetration test (pentest) goes beyond vulnerability scanning: it involves skilled security professionals attempting to exploit identified vulnerabilities to demonstrate…
A pentest answers the question: "If an attacker exploited these vulnerabilities, how far could they get, and what could they access?" The penetration testing lifecycle follows a…
Planning and Reconnaissance: Agree on scope, rules of engagement, and objectives.
Scanning and Enumeration: Use tools (Nmap, Masscan, Nikto, Burp Suite, OWASP ZAP) to identify open ports, services, operating system versions, web application frameworks, and…
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where penetration testing affects users, data, or operations.
Instructor: What problem does penetration testing help us understand?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: A penetration test (pentest) goes beyond vulnerability scanning: it…

Business Continuity and Disaster Recovery

Security is not only about preventing breaches — it is also about ensuring that business operations can continue through disruptions, whether from cyberattacks, natural disasters,…
Business Continuity Planning (BCP) addresses how the organization maintains critical business functions during and after a disruptive event.
It is broader than IT recovery: it includes people (who does what if key staff are unavailable), processes (how are critical functions performed manually if systems are down), and…
Disaster Recovery (DR) focuses specifically on restoring IT systems and data after a catastrophic failure.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where business continuity and disaster recovery affects users, data, or operations.
Instructor: How would you recognize business continuity and disaster recovery in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Security is not only about preventing breaches — it is also about…

Backup Strategies: The 3-2-1 Rule

Defenses include maintaining offline or immutable backups (cloud object storage with Object Lock, air-gapped tape backups) that ransomware cannot reach or encrypt.
Backups must be tested regularly — an untested backup is not a backup.
DR strategies range in cost and recovery speed:
- Cold site: Backup facility with infrastructure but no running systems; recovery takes days.
- Warm site: Standby environment with systems partially configured; recovery takes hours.
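The 3-2-1 rule named in the slide title is commonly stated as three copies of the data, on two types of media, with one copy offsite. The checker below is an added example, not part of the original deck: it applies that rule together with the slide's points about offline or immutable copies and tested restores to a weak plan and a corrected one. Both plans and the 90-day restore-test window are constructed assumptions.

```python
from datetime import date


def check_backup_plan(copies, today, max_test_age_days=90):
    """Return a list of findings; an empty list means the plan passes every check.

    `copies` describes every copy of the data, the production copy included.
    """
    findings = []
    backups = [c for c in copies if c["role"] == "backup"]
    if len(copies) < 3:
        findings.append("fewer than 3 copies of the data")
    if len({c["media"] for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    if not any(c.get("offsite", False) for c in backups):
        findings.append("no offsite backup")
    # Ransomware with admin access can encrypt any backup it can reach and modify.
    if not any(c.get("offline", False) or c.get("immutable", False) for c in backups):
        findings.append("no offline or immutable backup")
    for c in backups:
        tested = c.get("last_restore_test")
        if tested is None:
            findings.append(f"{c['name']}: never restore-tested")
        elif (today - date.fromisoformat(tested)).days > max_test_age_days:
            findings.append(f"{c['name']}: restore test older than {max_test_age_days} days")
    return findings


# Constructed plan: one snapshot on a disk array in the same building, never tested.
WEAK_PLAN = [
    {"name": "production", "role": "primary", "media": "disk"},
    {"name": "nas-snapshot", "role": "backup", "media": "disk"},
]

# Constructed plan: local copy for fast restores plus an offsite immutable copy.
CORRECTED_PLAN = [
    {"name": "production", "role": "primary", "media": "disk"},
    {"name": "nas-snapshot", "role": "backup", "media": "disk",
     "last_restore_test": "2025-03-10"},
    {"name": "object-lock-bucket", "role": "backup", "media": "object-storage",
     "offsite": True, "immutable": True, "last_restore_test": "2025-02-01"},
]

if __name__ == "__main__":
    today = date(2025, 4, 28)
    for label, plan in (("weak", WEAK_PLAN), ("corrected", CORRECTED_PLAN)):
        print(label, check_backup_plan(plan, today) or "passes")
```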
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where backup strategies: the 3-2-1 rule affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Defenses include maintaining offline or immutable backups (cloud…

Incident Response

Despite best efforts, security incidents will occur.
The ability to detect incidents quickly and respond effectively limits their impact — every minute of undetected intrusion is time for the attacker to steal more data, spread…
NIST SP 800-61 (Computer Security Incident Handling Guide) defines the incident response lifecycle as six phases:
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where incident response affects users, data, or operations.
Instructor: How would you recognize incident response in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Despite best efforts, security incidents will occur.

Preparation

Preparation occurs before any incident.
Preparation connects to risk, controls, and evidence.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where preparation affects users, data, or operations.
Instructor: What problem does preparation help us understand?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Preparation occurs before any incident.

Detection and Analysis

The detection phase involves identifying indicators of compromise (IOCs) or unusual activity that suggests an incident has occurred.
Sources include SIEM alerts, EDR detections, user reports, threat intelligence feeds, and external notifications (e.g., from CISA, a partner organization, or a security…
Analysis involves determining: What happened?
Is it a true positive or false positive?
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where detection and analysis affects users, data, or operations.
Instructor: How would you recognize detection and analysis in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: The detection phase involves identifying indicators of compromise…

Containment

Containment limits the spread and impact of the incident.
Short-term containment may involve isolating affected systems (removing network access), blocking malicious IPs or domains, disabling compromised accounts, and preserving evidence.
Long-term containment involves implementing temporary fixes to allow business continuity while full eradication is prepared.
Warning — Evidence Preservation: Containment actions must be balanced against evidence preservation.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where containment affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Containment limits the spread and impact of the incident.

Eradication

Eradication removes the cause of the incident: deleting malware, closing exploited vulnerabilities, removing backdoors and persistence mechanisms (scheduled tasks, startup…
Eradication connects to risk, controls, and evidence.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where eradication affects users, data, or operations.
Instructor: How would you recognize eradication in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Eradication removes the cause of the incident: deleting malware,…

Recovery

Recovery restores affected systems to normal operation.
This involves restoring from known-clean backups, reimaging compromised systems (often preferable to trying to "clean" them in place), applying patches, and gradually restoring…
Recovery connects to risk, controls, and evidence.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where recovery affects users, data, or operations.
Instructor: What problem does recovery help us understand?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Recovery restores affected systems to normal operation.

Post-Incident Activity: Lessons Learned

After recovery, the IR team conducts a thorough review: What happened?
What could have been done faster or better?
What controls would have prevented or limited the incident?
Lessons learned should result in concrete improvements to security controls, detection capabilities, and IR procedures.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where post-incident activity: lessons learned affects users, data, or operations.
Instructor: How would you recognize post-incident activity: lessons learned in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: After recovery, the IR team conducts a thorough review: What happened?

Digital Forensics Basics

Digital forensics is the science of collecting, preserving, analyzing, and presenting digital evidence in a manner that maintains its integrity and legal admissibility.
Chain of Custody: Every piece of evidence must have a documented chain of custody — a record of who collected it, when, where, how it was stored, who accessed it, and how it was…
Breaks in chain of custody can render evidence inadmissible in legal proceedings.
Forensic Imaging: Forensic analysis is conducted on a bit-for-bit copy of the original evidence (forensic image), not on the original itself.
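Both ideas on this slide can be checked mechanically. The sketch below is an added example, not part of the original deck: it verifies that an image matches the original by SHA-256 digest and keeps a custody record in which each entry commits to the previous one, so an edited or missing entry is detectable. The evidence ID, names, locations, and the sample "disk" bytes are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first custody entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def image_matches(original: bytes, image: bytes) -> bool:
    """A bit-for-bit copy must produce the same digest as the original."""
    return sha256_hex(original) == sha256_hex(image)


class CustodyLog:
    """Append-only custody record for one evidence item."""

    def __init__(self, evidence_id: str, acquisition_sha256: str):
        self.evidence_id = evidence_id
        self.acquisition_sha256 = acquisition_sha256
        self.entries = []

    @staticmethod
    def _digest(body: dict) -> str:
        return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))

    def record(self, when, who, action, location, observed_sha256):
        """Add an entry; observed_sha256 is the image digest re-computed at this hand-off."""
        body = {
            "evidence_id": self.evidence_id,
            "when": when, "who": who, "action": action, "location": location,
            "observed_sha256": observed_sha256,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        self.entries.append(dict(body, entry_hash=self._digest(body)))

    def first_problem(self):
        """Return (index, reason) for the first bad entry, or None if the record is intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_hash"] != prev:
                return (i, "chain break: entry missing or reordered")
            if self._digest(body) != entry["entry_hash"]:
                return (i, "entry edited after it was written")
            if entry["observed_sha256"] != self.acquisition_sha256:
                return (i, "image digest differs from acquisition digest")
            prev = entry["entry_hash"]
        return None


# Constructed stand-in for a seized disk and its forensic image.
SAMPLE_DISK = bytes(range(256)) * 4
SAMPLE_IMAGE = bytes(SAMPLE_DISK)


def build_sample_log() -> CustodyLog:
    digest = sha256_hex(SAMPLE_IMAGE)
    log = CustodyLog("CASE-0001-HDD1", digest)  # constructed evidence ID
    log.record("2025-04-28T10:02Z", "A. Rivera", "imaged via write blocker", "IR lab", digest)
    log.record("2025-04-28T11:30Z", "A. Rivera", "sealed and stored", "evidence locker 3", digest)
    log.record("2025-04-29T09:05Z", "J. Okafor", "checked out for analysis", "forensics workstation", digest)
    return log


if __name__ == "__main__":
    print("image verified:", image_matches(SAMPLE_DISK, SAMPLE_IMAGE))
    print("custody record problem:", build_sample_log().first_problem())
```

The hash chain only detects changes relative to its latest entry, so that entry's hash should also be kept somewhere the log's custodian cannot rewrite, such as a signed paper form.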
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where digital forensics basics affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Digital forensics is the science of collecting, preserving,…

Security Audits and Assessments

Security audits systematically evaluate whether security controls are in place, properly configured, and effective.
Internal audits are conducted by organizational staff; external audits by independent third parties.
Types include:
- Compliance audits: Verify adherence to specific regulatory requirements (HIPAA, PCI-DSS).
- Technical security assessments: Assess the technical security posture of systems (vulnerability scans, configuration reviews, penetration tests).
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where security audits and assessments affects users, data, or operations.
Instructor: How would you recognize security audits and assessments in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Security audits systematically evaluate whether security controls are…

Key terms to keep

Vocabulary becomes useful when students can connect terms to scenarios and evidence.

Introduction
Information Security Risk Management
Asset Identification and Valuation
Threat Identification and Threat Intelligence
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where key terms to keep affect users, data, or operations.
Instructor: How would you recognize key terms to keep in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Introduction
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
comparison · 26/30

Compare: Introduction vs. Information Security Risk Management

Comparing related ideas helps students avoid shallow memorization.

Where Introduction applies.
Where Information Security Risk Management applies.
How the difference changes the security decision.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where compare: introduction vs. information security risk management affects users, data, or operations.
Instructor: How would you recognize compare: introduction vs. information security risk management in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Where Introduction applies.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
application · 27/30

Applied decision checkpoint

Students should translate concepts into a defensible security decision.

Identify the asset or process at risk.
Choose a preventive, detective, or corrective control.
Explain what evidence would prove the control is working.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where applied decision checkpoint affects users, data, or operations.
Instructor: If this issue appeared in a campus or business system, what evidence would you collect first?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Identify the asset or process at risk.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
review · 28/30

Review questions

Retrieval practice should ask students to define, compare, apply, and evaluate.

Define one core concept in plain language.
Compare two controls or threats from the week.
Apply one idea to a campus or business system.
Evaluate why a solution might fail in practice.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where review questions affect users, data, or operations.
Instructor: What is the one-sentence takeaway for review questions?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Define one core concept in plain language.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
bridge · 29/30

Bridge to lab and assessment

The reading should transfer into evidence-based lab work and written explanations.

Collect evidence, not just screenshots.
Explain what the artifact proves.
Connect the proof back to risk and control selection.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where bridge to lab and assessment affects users, data, or operations.
Instructor: How would you recognize bridge to lab and assessment in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Collect evidence, not just screenshots.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
closing · 30/30

Takeaway

The central takeaway from Week 14 is to reason from risk to evidence to action.

Security Practices, Risk Management, and Compliance
Security is a decision process, not just a tool list.
Use the reading to justify practical choices.
Classroom Dialog
Scenario: A campus technology team is reviewing a realistic Week 14 incident where takeaway affects users, data, or operations.
Instructor: How would you recognize takeaway in a real organization?
Student: This concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Security Practices, Risk Management, and Compliance
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.