Conduct a security evaluation of computing situation

Reference no: EM131042334, Length: word count 2000

Introduction-

This is an individual assignment and requires students to conduct a security evaluation of their personal computing situation and report on the results of this evaluation. The main body of the report is expected to be around 2000 words but quality is more important than length. The intention of this review is to give you exposure to some of the issues that organisations might face when conducting such an information security review around the use of technology within the organisation.

Requirements-

This assignment is intended to cover the full range of your personal computing situation - this will include any home computers, laptops and home networks; any mobile devices that you may have including smart phones and tablets; and any other storage media that you use to store related information. Where you store personal information online, you should also include this in the review.

The first step in the review is to identify all of the relevant assets and any associated information resources that are to be considered by this assignment. It is important for your report to include a description of these assets so that the reader has a context within which to situate the investigation and its findings. You should also include an overview of what these assets are used for, as these uses will influence the risk environment.

In conducting such a review, it is common practice to have a normative model against which the situation is assessed. You should use AS 27002:2015 as the primary source for constructing a customised normative model for this review. Note that it is important that the review extends beyond the simple technical aspects of the situation, so the customised model should account for non-technical aspects as well.

Doing a detailed review using all of the controls from AS 27002 would be far more work than would be normal for an assignment of this nature, so students need to be selective about which parts of the model they apply in the assignment. This could be achieved by omitting some parts of the model, or by tackling some issues at a higher level (e.g., by using the chapter heading as the basis for a broad set of comments about the particular issue). The adaptation of AS 27002 to your circumstances should be guided by risk management principles: select the set of controls that are likely to be more important in a personal environment and leave out controls that are not particularly relevant.

As a guide for this assignment, it is expected that you would have around 20 to 30 controls in your customised normative model. These controls should have a link back to the relevant control from the AS 27002 standard so the reader knows which part of the standard this element was derived from.

To illustrate this process of adaptation, Section 5 of AS 27002 covers issues associated with security policy. For a personal situation, it would be quite unusual to have formalised written security policies in place, so the lack of such written policies would not be a reasonable finding to make in most circumstances. However, it is quite likely that you have some informal policies in place, such as who you let use various facilities, what security software you use, and how you back up your data. This suggests that it could be helpful to have a general control in your adapted evaluation model relating to security policy, but keep this at a high level and use it to consider whether your informal policies are adequate for the situation at hand.

After constructing the customised normative model, you should use this to conduct a review of your own personal information security situation and report on the findings and recommendations. In conducting the review, you may find it helpful to undertake some tests to verify some of the findings. As an example, you could physically check backup stores and verify that they keep the most recent copies of the data, as per the backup arrangements that you think might be in place. You could also use various software tools to verify security elements of the technical environment.
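As an added illustration of the backup verification test mentioned above (example code, not part of the assignment brief), the following Python script compares a live folder with its backup store and lists files that are missing from the backup or whose backup copy no longer matches the live file. The folder names and sample files are constructed for the demonstration.

```python
"""Check that a backup store holds a current copy of every live file.

Added example for the backup test described in the brief. Walks a source
tree, looks up each file in the backup tree and classifies it as
'missing' (no backup copy), 'stale' (backup content differs from the live
file) or 'ok' (identical copy present).
"""
import hashlib
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backup(source: Path, backup: Path) -> dict:
    """Return {'missing': [...], 'stale': [...], 'ok': [...]} with paths
    given relative to `source`, sorted so the report is reproducible."""
    result = {"missing": [], "stale": [], "ok": []}
    for live in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = live.relative_to(source).as_posix()
        copy = backup / rel
        if not copy.is_file():
            result["missing"].append(rel)
        elif _digest(copy) != _digest(live):
            result["stale"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo() -> dict:
    """Build a constructed home/backup pair in a temp dir and run the check."""
    root = Path(tempfile.mkdtemp())
    src, bak = root / "home", root / "backup"
    for d in (src / "docs", bak / "docs"):
        d.mkdir(parents=True)
    (src / "docs" / "tax.txt").write_text("2015 return, amended")  # edited since backup
    (bak / "docs" / "tax.txt").write_text("2015 return")
    (src / "docs" / "passport.jpg").write_bytes(b"\xff\xd8scan")  # never backed up
    (src / "notes.txt").write_text("same")  # current copy exists
    (bak / "notes.txt").write_text("same")
    return check_backup(src, bak)


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status}: {files}")
```

Each entry under "missing" or "stale" is a concrete finding against the backup control in your adapted model; the "ok" list is the evidence that the control is working for those files.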

In making the findings and recommendations, you should be guided by the risk environment you are operating in. For example, you would not make recommendations about implementing a rigorous backup routine if you had little sensitive information to lose - you should suggest a contingency approach that matches this risk profile.

After completing the review you should reflect on how well this whole process has worked. Examples of the questions you may consider include: Is a review of this nature worth the effort? Are there easier ways that could be used to provide reasonable assurance about information security risks? Is it likely to uncover the main information security issues and make reasonable recommendations for change? Has your adaption of the security model provided an adequate coverage of the issues for a personal situation such as the one you are in? How easy would it be for others (particularly people without a strong IT or security background) to use these materials to assure themselves that they are not exposing themselves to unwarranted information security risks?

Chapter 7 and Appendix A from Whitman and Mattord (2011) provide some information on conducting an information security assessment, although you should note that this is aimed more at organisationally based situations. The normative model in Chapter 7 of Whitman and Mattord is based on the NIST SP 800-53A publication, so while this could be a useful guide to the issues that could be covered, it is not the model to use for this assignment. The normative model in Appendix A is loosely based on the ISO 27000 series of standards, so this could be used as a guide to how the ISO 27002 model could be customised for a particular situation. Note that this is based on an older version of the standard and you will still need to undertake your own adaptation of AS 27002. Whitman and Mattord make a comment about the need for such an adaptation in the box on p 88.

In summary, your report should include the following:

  • an overview of your personal situation and the key risk areas that may be present;
  • a discussion of the normative model that you have used for your review. This section is mainly concerned with how you have customised the AS 27002 model;
  • a summary of the tasks undertaken to conduct the review. What steps did you follow in conducting the review? What evidence did you consider in helping you form your views? What tests did you perform in order to verify the answers to key review questions? Did you use any automated tools for any of this testing?
  • the findings of your review and recommendations for improvement. You should provide a summary of the good and bad issues that arose from the review. What issues from the situation came up looking good in the review, and where was there room for improvement? What things would you change in order to improve the information security environment? It is important that this section only presents a summary of the key issues from the review - the details of the evaluation of individual controls should be put in the appendix;
  • a reflection on the methodology or review approach, following your experience of applying it to your personal computing situation. This is an important part of the assignment and should not be neglected;
  • an appendix with the details of your review. The detailed questions and issues considered and the assessment against these issues should be included in an appendix in a table format. This material is not part of the main word count for the assignment. While this appendix is not part of the word count, this will be part of the assessment for the assignment and the marker will need access to this material to ascertain the extent of the review that you have undertaken.



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd