Security evaluation of personal computer - Essay Example

Like other computers, personal computers play a vital role in performing a variety of individual functions. Today more than 10,000 application programs are available for use on personal computers; they include such popular programs as spreadsheet programs, database programs, communication programs and word processing programs. Their use varies according to the needs of the individual. Some examples of personal and private areas in which a computer is commonly involved, either directly or indirectly, through transactions, communication, storage of records/logs and other documents or other data related to these areas: i.e. personal identifying information, financial information, health/medical information, insurance, home/personal security routine, private/personal matters, business information etc.

Identify assets and associated information resources

I am using my personal laptop for the following physical connectivity: connectivity with the internet through physical and wireless connections; using USB ports to back up my data by connecting plug and play devices like USB, camera etc.

Using CD-RW for backup and reading data; using a Bluetooth device for transferring data to mobile devices and other computers; using the COM port to connect to devices like modem, switch etc.; using the RJ-11 phone port to use fax software; using a cellular SIM for internet connectivity; using the COM port to connect to router and switch consoles etc.

In addition to the above, I am using my personal device (laptop) for keeping the following assets and programs: my personal information, i.e. educational documents/assignments, personal documents, work-related important files etc.; database programs for remote connectivity; communication software like keep, online TV etc.; browsers for internet, media players etc.; WiFi utility software; backup files of routers and switches.

Methodology Review

As per the assignment requirement, I have to evaluate security for a home computer or a computer of an individual person, not a business organization where a large amount of data is shared and company secrets need to be secured.

I am using the ISO 27000 series methodology to evaluate the security of my personal computing situation. The key features of this methodology are listed below:

1. Access controls: users' access to the system and information, management of accounts, remote access, usage of wireless access and external information systems (mobile and portable devices) etc.
2. Awareness and training control: In this section, before doing some task, a little, limited or expert level knowledge is beneficial to complete the work. Awareness training regarding information system and security policies defines the scope, role, purpose, coordination and responsibilities of the user.
3. Audit and accountability controls: This type of control is normally helpful to keep track of ongoing events and to maintain a list identifying these events, so that they are easily traceable in future.
4. Certification, accreditation and security assessments: We have to review the security controls in the information system on a regular basis, so that all the controls are functioning properly.
5. Configuration management: Configuration management deals with the configuration states of the system: which configurations were effective at the time of initial deployment and which changes are required with the passage of time. It also addresses the secure and insecure states of the system, i.e. default passwords or any addition of an unauthorized user.
6. Contingency planning: We have to deal with and handle any unexpected incident in case it occurs. We have enough resources to resume operations in case of disruption or failure, e.g. backup of parts and other services.
7. Identification and authentication control: This section deals with identification and authentication of users and devices, so that only authorized users may access the information system assets.
8. Incident response: In case any event or incident occurs, how quickly we can handle that event to resume operations. It also deals with monitoring of events, so that the likelihood of an incident may be identified at the right time.
9. Maintenance control: It deals with preventive and regular maintenance activities; with the help of maintenance tools we can adopt preventive measures.
10. Media protection controls: This control highlights the access rights of authorized individuals to information system media. It deals with how to handle and protect information media.
11. Physical and environmental protection: Physical and environmental protection deals with accessing, monitoring and handling the physical environment for information systems and their operations regarding safety measures.
12. Risk assessment control: In this section we have to identify the occurrence of risk, i.e. disruption, disclosure, unauthorized access and destruction of IS.
13. System and information system integrity: It deals with maintaining the integrity of information and systems, to save the system from spam, malicious code, denial of service etc.

Justification As Appropriate Tool

This methodology is an appropriate tool for assessment of my personal computing situation due to the following key factors, as detailed below:

1. Thoroughly examines risks of information security and addresses vulnerabilities, threats and risk avoidance. Also provides a form of risk avoidance or treatment for unacceptable risks.
2. It is suitable for protecting sensitive and critical information by applying access controls, i.e. account management and unsuccessful attempts by unauthorized users.
3. Enforces basic assessment and audit of events. It helps in noting controls, assessing the risk and highlighting improvements.
5. Covers the issues regarding backup of data and systems, recovery of system and data, and working on contingency planning regarding any incident.
6. Highlights system and information integrity and physical asset protection. Recommends developing a shield against viruses, malicious code, spam, inside and outside threats etc. Moreover, keeping the physical environment secure.

Summary of undertaken tasks and test performed

In light of the above methodology I have undertaken the following tasks and tests to conduct the security evaluation:

1. Management of information system accounts: account activation, creation, modification, disabling, review and deletion of accounts. Also whether the passwords assigned to the computer are strong or weak.
Test performed: Check how many user accounts are created and enabled, and which accounts have passwords or are without passwords. Furthermore, whether passwords are unique, strong, practical and updated/replaced over time or not.
2. Check the status and behavior of authorized portable and plug & play devices.
Test performed: When devices like camera, USB, CD and mobile are plugged in, they open automatically. This is a big harm for systems, as mostly viruses automatically execute and affect system files.
3. Review the status of security assessment and continuous monitoring of information system data and assets. It needs to be checked that monitoring security software is installed, working properly and showing results/weak areas.
4. Security awareness training helps information system users to point out vulnerabilities.
Test performed: After reading the information security document, a lot of loopholes need to be addressed, such as unnecessary ports which are open but not in use.
5. System configuration review, like monitoring of changes and user access privileges.
Test performed: USB or other media containing viruses are affecting the system and changing the initially deployed configurations. Furthermore, by logging in through a user account having rights to change configurations of the system or access secure data.
6. Handle the unexpected event when it occurs, so a contingency plan is required to be most effective. In case of failure of hardware, what is the effect on data and how to resume operations. In case of deletion of critical data.
7. To save information security assets from physical hazards. Data is secure and in case of loss can be recovered easily. Proper recommended power equipment is in use. Assets are safe from fire or water.
8. To keep the computer clean from viruses and malware. Is an antivirus program installed and detecting viruses. New virus signatures are checked daily.
9. Third party providers and to monitor providers' compliance. First of all we have to learn about the product, and whether the said product is compatible with the existing system.
10. Secure the backup of important files and folders. Software is working and making incremental backups of files. Monitoring of backup files periodically.

Findings of Review

After undertaking the tasks to conduct the review and performing the relevant tests, the findings are given below:

1. To secure the personal computing environment, it is necessary to disable other accounts, e.g. guest and unusable accounts, except administrator. The password selected for the administrator account is a combination of special characters, digits and alphabets. Also it is unique, not related to other passwords and easily memorable.
2. Disable the auto plug and play of devices. And installed USB disable software which is protected by password.
3. Monitoring software like the antivirus program AVGAS with the latest definitions is installed, and to check that it is functioning properly, i.e. Reregister to analyze the associated risks etc.
4. Basic awareness about the threats, mitigation procedures and identification of vulnerable areas through software is possible after necessary training.
5. Installation of software, i.e. Deference, to keep system configurations safe from changing or altering. Restricting and assigning user rights to other users, so that they shall not be able to affect system configurations.
6. Contingency planning is required in case of an unexpected event, like incremental backup of data, availability of required and relevant software etc.
7. Physical hazards can be avoided by restricting the physical and logical access of unauthorized users. Keeping safe from short circuiting etc. by using proper voltages or the recommended power adapter.
8. Installation of the latest antivirus program, i.e. Norton, with the latest definitions.
9. Third party software needs to be licensed, and its compatibility with the system checked.
10. For backup of critical data,

For improvement it is recommended that backup of data may be taken at regular intervals, and the latest software with updated definitions and licenses shall be used. Contingency planning and risk assessment software may be used to mitigate the vulnerabilities. Furthermore, necessary awareness of weak areas is required so that unused and open areas for insiders and outsiders may be blocked.

The incident response area needs more improvement, so that issues may be identified and resolved immediately. Furthermore, the above methodology covers all key security issues relevant to an individual computing situation.

Reflections on the Methodology

Comprehensiveness of review

In view of the above, using the above methodology or review approach and applying my personal experience, this methodology is very useful to secure my laptop and covers many of the major issues, as given below:

1. In physical protection I considered unauthorized access, power protection, damage to device, financial insurance etc.
2. Using the latest licensed operating system with all recommended patches and using daily automatic updates (with additional measures by reinstalling the operating system periodically). Furthermore, using the NTFS file system. Keep the backup of the operating system as an image.
3. Using secure password protection, i.e. BIOS, setup, OS startup and screen saver, and disabled guest and other users. Disabled remote access.
4. Preventing worms and viruses through software firewall (Windows), security analyzer est./tools, browser filtering, antivirus, anti-malware.
5. Clear private data from web browsers, using software for malicious script protection, registry modification protection and malicious program protection.
6. Only download software from reputable sources and do not leave devices unattended.
7. Keep auto play of plug and play devices turned off.
8. Keep backup of registry file and other important information on password protected backup devices, e.g. USB and DVDs. Using
9. Keep wireless access and internet disabled when not required.
10. Use of risk assessment tools like Reregister, CA- Examine and chapped to identify vulnerable areas in the system.
11. Blocked the unused open ports.
12. Initial configurations are saved by Deference software.
13. Contingency planning to keep backup of software and hardware.

The methodology has covered a lot for a computer user to improve security for a home computer, and can make the home computer environment secure or at least educate a new user. Furthermore, the said methodology approach pointed toward outstanding issues and encourages exploring areas and finding mitigation measures. This methodology pointed towards broad issues like denial of service, but their resolution and addressing the issue depends on user knowledge and training.
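The account, autoplay and open-port checks described in the tests and findings above can be run together as one read-only script. This is an added example, not part of the original essay; it assumes Windows PowerShell 5.1 or later on the laptop, and the 180-day password age threshold and the helper names Get-AccountFinding and Get-RegValue are assumptions made for the illustration.

```powershell
# Added example (not from the essay): read-only audit of three of its checks.
# Assumes Windows PowerShell 5.1+ run as administrator on the laptop under review.
$MaxPasswordAgeDays = 180   # assumed review threshold; the essay gives no number

function Get-AccountFinding($User) {
    # Classify one local account along the lines of the essay's account test.
    if (-not $User.Enabled)            { return 'disabled' }
    # The built-in Guest account has a SID ending in -501, whatever its display name.
    if ($User.SID.Value -like '*-501') { return 'REVIEW: Guest account is enabled' }
    if (-not $User.PasswordRequired)   { return 'REVIEW: enabled, password not required' }
    if (-not $User.PasswordLastSet)    { return 'REVIEW: enabled, password never set' }
    $age = ((Get-Date) - $User.PasswordLastSet).Days
    if ($age -gt $MaxPasswordAgeDays)  { return "REVIEW: password is $age days old" }
    return 'ok'
}

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. Accounts: created/enabled, with or without a password, password age.
Get-LocalUser |
    Select-Object Name, Enabled, PasswordRequired, PasswordLastSet,
        @{ n = 'Finding'; e = { Get-AccountFinding $_ } } |
    Format-Table -AutoSize

# 2. AutoRun and AutoPlay for plugged-in media (USB, CD, camera, phone).
#    The HKLM policy value, when present, takes precedence over the per-user one.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    @{ Path = "HKLM:\$cv\Policies\Explorer"; Name = 'NoDriveTypeAutoRun'; Want = 0xFF }
    @{ Path = "HKCU:\$cv\Policies\Explorer"; Name = 'NoDriveTypeAutoRun'; Want = 0xFF }
    @{ Path = "HKCU:\$cv\Explorer\AutoplayHandlers"; Name = 'DisableAutoplay'; Want = 1 }
)
$checks | ForEach-Object {
    $value = Get-RegValue $_.Path $_.Name
    [pscustomobject]@{
        Setting = '{0}\{1}' -f $_.Path, $_.Name
        Value   = if ($null -eq $value) { 'not set' } else { $value }
        Finding = if ($value -eq $_.Want) { 'ok: disabled' } else { 'REVIEW: not disabled here' }
    }
} | Format-Table -AutoSize -Wrap

# 3. TCP ports listening on non-loopback addresses, with the owning process,
#    so that ports nobody uses can be identified and closed.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize
```

The script changes nothing on the system; every row marked REVIEW is a prompt to look at that account, registry setting or listening service by hand.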

Risk profile

The risk profile highlights the type of risk, number of risks and potential effects of risk. Risk management of these issues as per the methodology:

Risk: Loss of device, by damage, by theft.
Risk management: Backup of data online, e.g. email account / office computer; insurance of device.

Risk: A worm or virus imported with a plug-in or some other downloaded software.
Risk management: System restore is turned on. Try to recover the system as first good known configuration. Backup of the operating system as an image file. Just upload the operating system with a new image in case of a critical virus and non-recoverable state.

Risk: Accidental deletion of file / folder / drive.
Risk management: Save critical data to other locations in the system at the time of working. Use of free software for incremental backup, e.g. COMMON backup utility. The said utility can easily back up your local files and folders to anywhere on your computer, network, DVD / CD or even FTP server. Plus it can be set to run automatically at specified time intervals.

Risk: Unauthorized access.
Risk management: Using secure password protection, i.e. BIOS, setup, OS startup and screen saver, and disabled guest and other users.

Risk: Damage to any part: hard disk, RAM, LAN card.
Risk management: Availability of spare hard disk, RAM etc.

Risk: Latest threat, vulnerability awareness.
Risk management: Training and awareness of threats.

Risk: Internet and WiFi access.
Risk management: Using secure protocols and keeping internet access off when unused. Use of firewall etc.

Application by Public Member

The above material covers all the key aspects of information security. By adopting all the areas, a public member can benefit from the features of the methodology, like addressing access control, awareness and training, security assessment, configuration management controls, contingency planning, incident response and physical environment protection etc.

Basic proprietary and non-proprietary software are recommended for providing basic security and protection to the system. Backup techniques and strong password techniques are indicated for security of data and information system assets. Awareness about vulnerabilities and tools is the strong recommendation of this methodology and is good for the knowledge of any public member; by gaining knowledge anyone can save his computing situation from risks.

So I turned off the guest account and deleted the ASP.Net account. It is better to delete unnecessary accounts.

Unauthorized users can try to find out passwords by repeated attempts. An unauthorized user is trying to find out the pattern of the password to access applications, OR password forgotten. There is an option available to keep an indication, i.e. any word, in case you forget your option. It's better to keep it blank or to point out to contact the administrator. In my case, the field is blank, which is better so as not to give any clue to access the device. The assigned password is unique and easy to remember.

That are connecting to the laptop may not be doing any harm to the computer. USB, camera, mobile storage and CDs are hooked up with the computer for relevant functioning. When a device is hooked up, it is by default restricted for autoplay and furthermore scanned by antivirus software for removal of malicious software.

Security awareness training to information system users. Know-how about the system access and threats. Basic system information and its relevant processes is required. It makes it easy to find out threats utilizing system memory and other resources.

Security assessment and continuous monitoring of information system controls. Preventive measures for information system. It is observed that Windows firewall is detecting the threats and is updated. Its day to day monitoring is required so that data is saved from harmful activities. Monitoring that the other relevant software is also working, like the antivirus program. Data is stored in a safe place.

System configuration review, like monitoring of changes and access restrictions. Limited access in case another user may be allowed to access the system, or any unauthorized changes. Laptop system configurations are saved in the form of a backup, i.e. image of OS. Other locally available software like Deference and Windows system restore is useful to reinstate the system configurations. Sometimes other users like to access the laptop, so they are given access with a user rights account so that they cannot make any changes in system settings.

How to handle the unexpected events when they occur. Necessary measures are required to access the data and resources in case of any failure or disruption. Address contingency planning. In case of failure of one or more components, I have backup of these physical components, i.e. RAM, LAN card. In case of software crash, necessary software is available.

If any activity is happening then how security incidents are detected and monitored. Incident is happening or near to happen, how to respond to it immediately. In such a scenario, if the firewall or antivirus program is not working properly then it is reinstalled and updated, or replaced with the latest software. Moreover, I am using a risk assessment tool which a user can use to assess the user level security, for example Reregister or Smart.

How to take necessary maintenance measures. If any software and hardware maintenance is required. Several maintenance tools are available for repair of registry and other software. Windows also provides necessary maintenance and repair. I use such tools to fix bugs and patches to manage necessary issues.

To save information security assets from physical hazards. Any physical hazard like physical access, theft, power issue, fire protection and water damage. I take necessary measures such as usage of proper and recommended voltages and the recommended power adapter. Keep the computer safe from children etc. Keep necessary measures from theft and purchase of insurance. Save data from theft, hack or accidental deletion by making backups.

Third party personnel security concerns. Windows system protection is not enough to save from harms. For personal device security, use of third party software provides an extra shield. In and Microsoft Windows Defender.

Identification and addressing of vulnerabilities. Vulnerabilities give insiders and outsiders the opportunity to access and exploit the information system assets. Different software is available to monitor the vulnerabilities relating to system control.