One concept that has become a critical factor for almost everyone today is the security and assurance of personal information, and many organizations and individuals are now putting their best efforts into controlling or managing the risks to their personal information. This drives the requirement for a well-defined, fully documented and measurable path for implementing and executing a personal information security program. Information security management guarantees the confidentiality, credibility, non-repudiation, trustworthiness and availability of a firm's data and IT services. It also guarantees the sensible use of the firm's information assets and the appropriate management of information security risks. Therefore, establishing models and methods for personal information security has become vital for us. A few information security systems and models have their origins as normative models for information security assessments, and are conducted as part of a range of audit-related activities.
This study presents the information security model for my personal laptop.
Personal Situation and Risk Areas
I usually keep my laptop with me on my university campus and use it there to gather information for my assignments, projects and online tests. A lot of information related to my studies is stored on my study laptop. I hold NetMeeting sessions with one of my university friends about assignments, projects and online tests, and both of us have suffered from cyber-attacks. A number of assignments prepared by me were stolen by other students who gained access to my laptop. My laptop usually connects through the wireless NIC, so the information stored on it is encrypted, but the transmission of the information is not. Over the last few months I have noticed that a lot of my personal information has been hacked, including assignment information, project records and recent online test reports. I then discussed this issue with my friend. We both acknowledged that immense effort is required to minimize the risks concerning personal information management, information privacy and protection. Now I try to focus more on improving the security of the personal information stored on my laptop. I believe that some security policies and information security models need to be implemented on my laptop to secure my personal data. Also, when I am on the university campus I plug my laptop into the university network for Internet access and to use my Work Account on Windows, and this network is able to see and acknowledge what is on my computer.
Review of a Normative Model
As an IT consultant, I think that the best information security model for me is one based on the ISO and AS security standards. AS 27002 is a normative and controlled model for information security (Orakzai, 2012). AS 27002 is a generic, consultative code-of-practice document rather than a formal specification, just like ISO/IEC 27002. As an IT consultant, I believe that I should adopt AS 27002 and must assess my own information risks, clarify the control objectives and apply the appropriate controls, using the standard for guidance (Yaokumah, 2016).
Assets Required for Information Security Model AS 27002
I apply the AS 27002 information security model to my laptop's security using the following assets:
Software assets, which fall into two parts:
Application software: Application software implements the information security principles for me. I believe that developing application software is a tedious task. The trustworthiness of this software is essential for us.
System software: I must invest in various packaged software products, such as operating systems, DBMS, utilities and development tools, software packages, office productivity suites and so on (Shim, 2015).
Physical assets: I need some physical assets to apply AS 27002 to my laptop's security:
Communication equipment: modems, switches, EPABXs and fax machines.
Storage media: disks, CDs, magnetic tapes and DATs.
My friend and I have formed a team that helps both of us to fully address the information security risks to my laptop. After reviewing the applicable literature and practices, my friend and I selected the AS 27002 normative model for our personal information security (Kadam, 2016). AS 27002 is a simple security model, as it focuses more on the effectiveness and efficiency of the organization's IT environment than on the information security connected to business concerns (Spears, 2010). Our team found that AS 27002 represents a good mix of global acceptance and comprehensiveness, and that it is devoted almost solely to personal information security practices built around process and policy management (Orakzai, 2012).
Content of AS27002:2015 Model
Access security: Access security controls help reduce human errors, for example mistakes made by members of the HR department, and define job responsibilities and assets. I need to report security weaknesses and incidents in a timely manner.
Physical and environmental security: This area concentrates on the physical aspects of the security of data and of the information systems stored on my laptop. To maintain the confidentiality, integrity and availability of data, a proper physical environment for systems, records and staff is crucial (Whitman and Mattord, 2017).
Data Security Policies and the ISO 27002 Framework
Policies for data security: It is essential to know whether I have thorough data security policies that are approved by management. It is also important to know whether they are published and communicated to me (Jirasek, 2012).
Review of the information security policy: Whether the security policy has an owner who is responsible for its maintenance and review according to a defined review process. I believe it must also be checked whether the process guarantees that a review of the supporting techniques and procedures is undertaken if the policy changes.
- I need to screen all my work, including identity verification.
- My friend and I should both formally accept a binding confidentiality or non-disclosure agreement concerning personal and proprietary data (Humphreys, 2008).
- Access control systems must themselves be adequately secured.
- Fire drills must be conducted periodically.
- Write access to removable media must be disabled on my desktop (Hankin, 2012).
Physical and environmental security controls
Physical access to premises must be monitored to prevent and limit the impact of unauthorized access.
The list of completed tasks in the assignments should be approved for access to secure areas and must be reviewed by the user.
Photography and recording are illegal inside the Restricted Areas.
Suitable video surveillance cameras must be placed at all the doors of the health centre.
University rooms ought to be escorted by us while on the premises.
The dates of my own visits must be recorded.
Information safety policy controls
User access to the university IT systems and data must be controlled according to the requirements.
Generic IDs must not be created on production systems.
Passwords must be protected and should be difficult enough to guess.
Passwords must not be written down in readable form.
Authentication data must be adequately secured against unauthorized access.
Users should log off their sessions before leaving them unattended.
Summary of the tasks undertaken to conduct the review
Since one of the questions we needed to answer was what the real challenges of PIM are, this study was conducted using an exploratory approach (Gutiérrez-Martínez, Núñez-Gaona and Aguirre-Meneses, 2015). A model was then created and assessed theoretically against the challenges found. A thorough literature review was carried out first of all to gain the basic knowledge in the area and to summarize the issues and challenges that exist in the information security field today. Conducting only a theoretical assessment is clearly a rather limited way to test software features, since solving a problem in principle does not mean anything has been solved. The evaluation process was rather subjective.
Findings of review and recommendations for improvement
I rely on adopting a structured information security risk assessment process to determine my particular requirements before choosing controls that are appropriate to my specific conditions. The introduction section outlines a risk assessment process, although there are more specific models covering this area, for example AS 27002. The use of information security risk analysis to drive the selection and implementation of information security controls is an essential feature of the AS 27002 series of standards: it means that the generic good-practice advice in this standard gets tailored to the particular context of each user organization, instead of being applied by rote.
Reflection on the methodology or review approach
I believe that AS 27002 is the complementary standard for information security systems and procedures for the security of my laptop and of the information stored on it, as AS 27002 concentrates on management and provides the essential controls that make this possible. Both certifications concentrate on performing risk assessments and then rolling out the appropriate improvements to policies, processes and controls (Fenz, Plieschnegger and Hobel, 2016). I use these standards because the AS 27002 standards have been well known for a long time in Europe, especially among financial organizations; therefore, I use this information security model to protect the personal information stored on my study laptop. It has only just begun to become well known here in the U.S., particularly among organizations and people that do a lot of business abroad, where clients expect compliance with the guidelines. The perception is that only highly mature organizations are capable of achieving ISO compliance, which makes it a competitive advantage among security-conscious clients (Faris and Hasnaoui, 2014). Likewise, given the difficulty of becoming certified, continued compliance with the standard may save time and money on client-mandated reviews or surveys; these reviews could be replaced by providing the documentation establishing compliance, much as AS 27002 is used today. But before selecting this information security model, I need to think again about some critical questions that will help me decide whether to seek AS 27002 compliance or not (Yaokumah, 2016). Does the enterprise need to achieve certification because its competitors have already done so, in order to stay competitive? In other words, how much data has been lost from my laptop, or not?
Will achieving and maintaining certification save money, time and effort in the long run by helping other compliance efforts? What is the organization spending now on reviews for different certifications and controls, and how much of that will go away if the organization can demonstrate AS compliance? This keeps the standard relevant, despite the evolving nature of information security threats, vulnerabilities and impacts, and trends in the use of certain information security controls. The standard "establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization" (Cortier and Kremer, 2011). This standardization is consolidated by consistent surveys and reviews, asset management, physical security and business recovery. Cost reduction can also be achieved by implementing controls that are automated within the information system. Data are the key to today's information and communication world. Adopting the AS 27002 standards will fully help the business to drive the process of enhancing security, and consequently reduces the risk that may arise later (Cortier and Kremer, 2011). Therefore, I think this system will offer stability to my data and provide complete security for my laptop. An expert or group of people who are knowledgeable about the control objectives and put them into operation will be an asset to the organization in driving the standard. There is a swell limitation for standardization (Cortier and Kremer, 2011).
AS 27002 is an overall best code of practice for information security management. AS 27002 adds value for financial, health and government enterprises that have wide networks across various continents. It sets a benchmark for the better operation of the business. Although it is not a certification standard, it can offer a range of benefits to the business. These benefits can vary from business to business, so proper planning is required before the implementation stage. Thus, I must pick the information security practices that fit my own security requirements and ignore the ones that do not apply to me.
References
Blake, R. and Ayyagari, R. (2012). Analyzing Information Systems Security Research to Find Key Topics, Trends, and Opportunities. Journal of Information Privacy and Security, 8(3), pp.37-67.
Campbell, J., Ma, W. and Kleeman, D. (2011). Impact of restrictive composition policy on user password choices. Behaviour & Information Technology, 30(3), pp.379-388.
Cortier, V. and Kremer, S. (2011). Formal models and techniques for analyzing security protocols. 1st ed. Amsterdam: IOS Press.
Faris, S. and Hasnaoui, S. (2014). Toward an Effective Information Security Risk Management of Universities' Information Systems Using Multi Agent Systems, ITIL, ISO 27002, ISO 27005. International Journal of Advanced Computer Science and Applications, 5(6).
Fenz, S., Plieschnegger, S. and Hobel, H. (2016). Mapping information security standard ISO 27002 to an ontological structure. Information and Computer Security, 24(5), pp.452-473.
Gutiérrez-Martínez, J., Núñez-Gaona, M. and Aguirre-Meneses, H. (2015). Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard. Journal of Digital Imaging, 28(4), pp.481-491.
Hankin, C. (2012). Mathematical models of information security. Engineering & Technology Reference, 1(1).
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management.
Humphreys, T. (2012). Implementing the ISO/IEC 27001 ISMS standard. 1st ed.
Jirasek, V. (2012). Practical application of information security models. Information Security Technical Report, 17(1-2), pp.1-8.
Kadam, A. (2016). Information Security Policy Development and Implementation. Information Systems Security, 16(5), pp.246-256.
Orakzai, T. (2012). COBIT, ITIL and ISO 27002 Alignment for Information Security Governance in Modern Organisations. SSRN Electronic Journal.
Shim, K. (2015). Security models for certificateless signature schemes revisited. Information Sciences, 296, pp.315-321.
Spears, J. (2010). User Participation in Information Systems Security Risk Management.
Whitman, M. and Mattord, H. (2017). Management of information security. 1st ed. Boston, MA: Cengage Learning.
Yaokumah, W. (2016). Investigation into the State-of-Practice of Operations Security Management Based on ISO/IEC 27002. International Journal of Technology Diffusion, 7(1), pp.53-72.