Security evaluation of personal information management

Personally, there is a lot of information that I use and process during my day to day activities. In order to analyze the information and entertainment material that are stored in my devices, I will use will first list down the digital devices that I use and their usefulness in the information management and security. The first device that is use to access and manipulated information is my cell phone, this is a hand-held device that has for multiple purposes such as making phone calls, accessing the internet connecting to smart watches and connecting to computers/laptops. while using cell phones, there are a variety of risks that need to be addressed that are related to information and risk management. Phones are primarily made for communication use which means that they are also used to store information such as cellphone numbers and locations.

Similar to cell phones, the laptop also has records of passwords that have been used to access online bank accounts and online money transfer websites such as PayPal. If all this information falls into the wrong hands, there are possibilities that I could surfer a great deal of financial loss. Connected to the laptop or computer are printers, these devices do not have storage capability are they are used to print hard copy versions of documents or data that is in the computer. This makes them a risk as unauthorized access to the printers may give the hacker a chance to intercept all the information that is being sent to the printer. Normative model discussion After analyzing the security risks that I face as a result of the devices that I have at home I made a customized version of the AS 27002 model that would be applicable to my situation.

this measure ensures that any unauthorized people who might have a gained access to my Wi-Fi passwords are locked hence securing my devices from unauthorized access. Information security policies also manage the relative or friends who access my devices and Wi-Fi network. These policies include policies that would require anyone who needs to use my personal computer to use a guest profile that uses a different password from the main password, the guest profile also has limited access to the files my files hence less risks of losing files or exposing private files. Lastly regular backing up of information would be an applicable security policy as it would help avoid loss of data in case my devices are damaged or stolen.

Back up can be done in could storage or in physical drives that are stored in different locations. this is important because deleting information in the normal no secure methods leaves possibility of information being recovered using advanced data recovery tools. Access control In organizations access control is done in various levels because all the devices are located in offices that are made specifically for the organizations employees, this restricts non-authorized people from gaining physical access of the devices that contain information. on the other hand, personal devices that are kept at home are hard to restrict access from because the house they are stored in has gives access to a large number of people who may end up compromising the information security (Whitman and Mattord, n.

d. For instance, living with fellow students means that they would be able to invite their friends who might also come with their friends; this creates a security risk as one of them might try to access devices that do not belong to them. In normal circumstances it is usually easy to access information that is stored in laptop hard disks or phone memory care, all one needs to do is to switch the storage disks to a device the he/she has access to. In order to keep my information, secure I would use the available windows features to encrypt my disks to ensure that they remain safe even if they fall into the wrong hands. Physical security physical security is enforced by ensuring that not everyone can gain physical access to the areas where technical security devices are stored, this might be hard in a home environment as it can not be strictly enforced in the same way it would be enforced in an office environment.

In order to enforce physical security at home, it would be advisable to install doors that need authentication before someone enters. In extreme cases the authentication would be through biometric verification. The other devices that I found where not as important in the information security, these are printers, play stations and televisions. The other task undertakes was the assessment of the security available in the area. I checked how easily accessible the area was, after thorough checking I found out that the house was accessible to anyone as the gate and doors was rarely locked and it also lacked a security guard who would help guard the place from intruders. Findings and recommendations After the review, it was evident that there was a problem in regard to information security as the house was always open leaving it accessible to people who might be looking to steal or gain access to my devices.

The areas where important devices are stored was also unlocked leaving them exposed, the last measure of security which includes the activation of password requests in my devices was also not available and this was last line of defense for the information saved in my devices. oipc. bc. ca/guidance-documents/1439 [Accessed 20 Apr. Sans. org.  Strategic information security. Boca Raton, Fl. : Auerbach Publications. Appendices Appendix A Biometric verification: Barometric verification is a way in which people are able to be uniquely identified through one or more biological traits for instance; fingerprints, hand prints iris patterns and DNA signatures. Appendix B Encryption: This is a process where algorithms are used to scramble data to make it unreadable to people who might intercept it or access it without authorization.