6682 Information Security For Personal Assessment Answers

What steps did you follow in conducting the review? What evidence did you consider in helping you form your views? What tests did you perform in order to verify the answers to key review questions? Did you use any automated tools for any of this testing? 

Personal situation and Risk Areas

I use to keep my laptop with me at my university campus and use it there to gather information about my assignments, projects as well as tests online. A lot of information related to my study is stored in my study laptop. I use to do NetMeetings with one of my university friends about the assignments, projects and online tests and both of us have suffered from cyber-attacks. A number of assignments prepared by me got stolen by some other students as they have got access to my laptop. As my laptop usually connects with the wireless NIC, so the information stored in it is encrypted, but the transmission of information is not. From the last few months, I noticed that a lot of my personal information has been hacked. My personal information, which include assignment information, project records as well as new online test reports. I then discussed this issue with my friend. We both acknowledged that immense efforts are required to carry out in order to minimize the dangers or risks concerning the personal information management, information privacy and protection. Now, I try to focus more on the betterment of the personal information and security of information stored in my laptop. I believe that some security policies and information security models are required to implement in my laptop for securing my personal data. Also, when I am at my university campus and use to plug my laptop with the university network for the Internet access and to utilize my Work Account on Windows, this network have the ability to see and acknowledge what is on my computer.

Review of a Normative Model

As an IT consultant, I think that the best information security model for me is to use the model with ISO and AS security standards. The AS 27002 is the normative and a controlled model for the information security (Orakzai, 2012). As the AS 27002 is the code of practice model which is generic, and consultative written document, and not a conventional specification just like the ISO/IEC 27002. As an IT consultant, I believe that I should adopt AS 27002 and must assess its own information dangers, clarify the control objectives and apply the appropriate controls using the proper standards for the guidance (Yaokumah, 2016).

Assets Required for Information Security Model AS 27002

I used to apply AS 27002 information security model for my laptop security:

Application software: Application programming actualizes the information security principles for me. I believe that the making of application software is a tedious task. The trustworthiness of this software is essential for us.

System software: I must use to put resources and invest into different bundled software programs, like, working frameworks, DBMS, utilities as well as development tools, software packages, office profitability suites and so on (Shim, 2015).

Communication gear: Modems, switches, EPABXs and also fax machines.

Storage media: Disks, CDs, magnetic tapes and DATs.

My friend and I have created a team that assist both of us to completely address the information security risks in my laptop. I and my friend, after applicable literature and practices revaluation, have selected AS27002 normative model for our personal information safety (Kadam, 2016). The AS27002 is a simple security model as it focuses more and more on the effectiveness and efficiency of the organization’s IT environment instead of the information security connected to the business concerns (Spears, 2010). It was perceived by our team that the AS27002 represents a decent mix of global acknowledgment level and full exhaustiveness, and additionally it is devoted most solely for the personal information security rehearses built around process and policy management (Orakzai, 2012).

Content of AS27002:2015 Model

Access security: The access security control helps in diminishing the mistakes done by humans, for example, mistakes done by the members of the HR department, and characterizing job responsibilities and assets. I need to timely report the security shortcomings and incidents.

Physical and environmental security: This area concentrates on the physical parts of the security of data and additionally to the data frameworks stored in my laptop. For keeping up the classification, uprightness, and accessibility of the data, a legitimate physical condition for frameworks, records and staff is crucial (Whitman and Mattord, 2017).

Data Security Policies and the ISO 27002 Framework

Policies for data security: It is essential to know whether I have thorough strategies for data security that are endorsed by the administration or not. It is also important to know if it is distributed and conveyed to me (Jirasek, 2012).

Survey of the Information Security Policy: Whether the Security Policy has a proprietor characterizing obligation regarding its upkeep and audit as indicated by a characterized survey prepare. I believe that regardless of whether the procedure guarantees that an audit of supporting techniques and procedures is attempted if the arrangement changes.

Controls

Access controls

1. I need to screen all my works, including personality confirmation.
2. My friend and I both should formally acknowledge a coupling classification or non-exposure understanding concerning individual and restrictive data (Humphreys, 2008).
3. Access control frameworks must themselves be sufficiently secured.
4. Fire drills must be led occasionally.
5. Write up access to removable media must be impaired on my desktop (Hankin, 2012).

Physical and environmental security controls

Information safety policy controls

Summary of the tasks undertaken to conduct the review

Since one of the inquiries we have expected to answer was that as to what the genuine difficulties with PIM are, this examination was performed utilizing an exploratory approach (Gutierrez-Martinez, Nunez-Gaona and Aguirre-Meneses, 2015). A model was then created and assessed hypothetically against the difficulties found. An intensive writing survey has been made most importantly to get the fundamental learning in the range, additionally, to abridge the issues and difficulties that exist in the information security territory today. Leading just a hypothetical assessment is clearly a fairly restricted way to deal with testing, programming highlights, since tackling an issue in principle does not mean anything has been unraveled. The procedure of assessment was fairly subjective.

Findings of review and recommendations for improvement

I usually rely upon to embrace an organized data security hazard appraisal procedure to decide its particular prerequisites before choosing controls that are proper to its specific conditions. The presentation segment plots a hazard evaluation handle in spite of the fact that there are more particular models covering this zone, for example, AS 27002. The utilization of data security hazard examination to drive the determination and execution of data security control is an essential element of the AS27002-arrangement gauges: it implies that the non-specific great practical exhortation in this standard gets customized to the particular setting of every client association, instead of being connected through repetition.

Reflection on the methodology or review approach

I believe that the AS27002 is the complimentary standard for data security frameworks and procedures for the security of my laptop as well as for the information stored inside it, as with AS27002 concentrating on administration and giving the essential controls make it conceivable. Both the confirmations concentrate on performing hazard appraisals and afterward rolling out the fitting improvements to the approaches, forms and controls (Fenz, Plieschnegger and Hobel, 2016). I use these standards because AS27002 gauges have been well known for a long time in Europe, especially with monetary associations, therefore, I use information security model to protect my personal information stored in my study laptop. It just began getting to be plainly well known here in the U.S., particularly, among the organizations as well as people that perform a ton of business abroad, where clients expect consistency with the guidelines. The discernment is that exclusive profoundly developed associations are equipped for accomplishing ISO consistence, therefore, making it an upper hand among its security cognizant clients (FARIS and HASNAOUI, 2014). Likewise, given the trouble of getting to be noticeably guaranteed, proceeding with consistency with the standard may spare time and cash on client commanded reviews or surveys; these reviews could be supplanted by giving the documentation building up consistence, much like the AS27002 is utilized today. But before the selection of this information security model, I once need to think again about some critical things to ask that will help me to choose whether to seek for AS27002 consistence or not (Yaokumah, 2016). Does the endeavor need to accomplish confirmation since its rivals have effectively done as such so as to stay focused? At the end of the day, what amount of data loss from my laptop is lost or not? Will accomplishing and keeping up confirmation spare cash, time and exertion over the long haul by helping other consistence endeavors? What is the association spending now on, reviews for different affirmations and controls and the amount of that will leave if the association can exhibit AS consistence. This keeps the standard significant, in spite of the developing way of data security dangers, vulnerabilities and effects, and patterns in the utilization of certain data security controls. The standard "set up rules and general standards for starting, executing, keeping up, and enhancing the data security administration inside an association (Cortier and Kremer, 2011). This institutionalization merges by predictable surveys and reviews, resource administration, physical security and business recuperation. Taken a toll decrease can likewise be achieved by executing controls robotized to the data framework. The data are the key for today’s data and correspondence world. Taking up the AS27002 benchmarks will completely help the business to drive the procedure to enhance security, and consequently lessens the hazard that may come up later on (Cortier and Kremer, 2011). Therefore, I think this system will offer balance to my data and provide complete security to my laptop. An expert or gathering of individuals who are educated and putting into operation of the control destinations will be a resource for the organization to drive the standard. There is a swell limitation for standardization (Cortier and Kremer, 2011).

Conclusion

The AS27002 is an overall best code of practice for the data security administration. AS27002 is an additional value for money related, wellbeing and government endeavors which have wide systems in various mainland. It sets a benchmark for the better working of the business. Despite the fact that it is not a confirmation standard, it can offer a scope of advantages to the business. These advantages can be changed from business to business, so legitimate arranging is required before execution level. Thus, I must pick the data security rehearses as per its own security necessities and overlook the ones that doesn't have any significant bearing with them.

References

Blake, R. and Ayyagari, R. (2012). Analyzing Information Systems Security Research to Find Key Topics, Trends, and Opportunities. Journal of Information Privacy and Security, 8(3), pp.37-67.

Campbell, J., Ma, W. and Kleeman, D. (2011). Impact of restrictive composition policy on user password choices. Behaviour & Information Technology, 30(3), pp.379-388.

Cortier, V. and Kremer, S. (2011). Formal models and techniques for analyzing security protocols. 1st ed. Amsterdam: IOS Press.

FARIS, S. and HASNAOUI, S. (2014). Toward an Effective Information Security Risk Management of Universities’ Information Systems Using Multi Agent Systems, Itil, Iso 27002,Iso 27005. International Journal of Advanced Computer Science and Applications, 5(6).

Fenz, S., Plieschnegger, S. and Hobel, H. (2016). Mapping information security standard ISO 27002 to an ontological structure. Information and Computer Security, 24(5), pp.452-473.

Gutiérrez-Martínez, J., Núñez-Gaona, M. and Aguirre-Meneses, H. (2015). Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard. Journal of Digital Imaging, 28(4), pp.481-491.

Hankin, C. (2012). Mathematical models of information security. Engineering & Technology Reference, 1(1).

Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management.

Humphreys, T. (2012). Implementing the ISO / IEC 27001 ISMS standard. 1st ed.

Jirasek, V. (2012). Practical application of information security models. Information Security Technical Report, 17(1-2), pp.1-8.

Kadam, A. (2016). Information Security Policy Development and Implementation. Information Systems Security, 16(5), pp.246-256.

Orakzai, T. (2012). COBIT, ITIL and ISO 27002 Alignment for Information Security Governance in Modern Organisations. SSRN Electronic Journal.

Shim, K. (2015). Security models for certificateless signature schemes revisited. Information Sciences, 296, pp.315-321.

Spears, J. (2010). USER PARTICIPATION IN INFORMATION SYSTEMS SECURITY RISK MANAGEMENT.

Whitman, M. and Mattord, H. (2017). Management of information security. 1st ed. Boston, MA: Cengage Learning.

Yaokumah, W. (2016). Investigation into the State-of-Practice of Operations Security Management Based on ISO/IEC 27002. International Journal of Technology Diffusion, 7(1), pp.53-72.