Capella University — Information Technology

IT3358: Information Security Concepts for the Information Technology Professional

A complete guide to Capella's IT3358. This course covers the foundational security principles every IT professional needs — not just dedicated security specialists — since security considerations touch every layer of IT work.

Undergraduate | Cybersecurity Fundamentals | CIA Triad | APA 7th Edition

IT3358 treats security as a foundational IT competency, not a specialized silo — every network engineer, database administrator, and software developer makes decisions daily that affect an organization's security posture, whether or not "security" is in their job title.

The CIA triad and core security concepts

IT3358 introduces the CIA triad — Confidentiality (preventing unauthorized data access), Integrity (preventing unauthorized data modification), and Availability (ensuring systems remain accessible to authorized users) — as the foundational framework for thinking about any security decision. Students learn that most real security controls exist to protect one or more legs of this triad.

Common attack vectors and security controls

The course surveys common attack vectors — phishing, malware, SQL injection, and social engineering — and the corresponding defensive controls: authentication and access control, encryption, firewalls, and security awareness training. Students practice matching specific threats to the specific controls designed to mitigate them.

Worked example: matching threats to the CIA triad and appropriate controls

  • Threat 1: An attacker intercepts unencrypted data traveling across a network — violates Confidentiality; mitigated by encryption (TLS/SSL)
  • Threat 2: A malicious actor modifies financial records in a database — violates Integrity; mitigated by access controls, audit logging, and checksums
  • Threat 3: A distributed denial-of-service (DDoS) attack overwhelms a web server — violates Availability; mitigated by traffic filtering and redundant infrastructure
  • Lesson: Every security control exists to protect one or more legs of the CIA triad, giving IT professionals a structured way to reason about which controls a given risk actually requires

Frequently asked questions

What is the CIA triad, and why is it used as the foundational framework for information security?

The CIA triad identifies three core properties information security aims to protect: Confidentiality (ensuring only authorized individuals can access certain information), Integrity (ensuring information isn't improperly altered, whether accidentally or maliciously), and Availability (ensuring authorized users can access systems and information when needed). IT3358 teaches the CIA triad as the foundational framework because nearly any security control or incident can be understood in terms of which of these three properties it protects or violates. This gives IT professionals a structured, shared vocabulary for reasoning about security decisions. They can ask "which of these three properties does this specific risk threaten, and which controls specifically address that property?" rather than treating security as a vague, undifferentiated concern that is hard to reason about systematically.

Why is social engineering considered one of the most significant attack vectors, despite being a non-technical attack method?

Social engineering attacks exploit human psychology and trust rather than technical vulnerabilities in software or hardware. Examples include convincing an employee to click a malicious link, reveal a password over the phone, or grant physical access to a facility by impersonating a trusted party. They are significant precisely because even an organization with extremely strong technical security controls remains vulnerable if its employees can be manipulated into voluntarily bypassing those controls. IT3358 teaches social engineering alongside more technical attack vectors because a robust security posture requires addressing both dimensions. Investing heavily in technical controls like firewalls and encryption while neglecting security awareness training leaves a significant, often exploited gap, since attackers frequently find it easier to manipulate a person into providing access than to defeat well-implemented technical defenses directly. That is exactly why security awareness training for all employees, not just IT staff, is considered an essential security control in its own right.