A Security Evaluation of Personal Information Management - Term Paper Example

Name: Course: Instructor: Date: Report: A Security Evaluation of Personal Information Management Overview of the personal situation Personal information and data privacy is an utmost desire of every individual. For instance, no one is willing to allow unauthorized access to personal and private data just like most people are unwilling to disclose confidential information. As a result, it is a common practice to see people devise mechanisms of securing their personal information and data in either encrypted formats or in online platforms that can only be accessed upon authorization (Stamp, 2011 p. 46). The intended security evaluation of personal information management will therefore seek to explore the safety of my data and information which is stored in my home computer, smart phone and personal laptop. The home computer contains personal information relating to the family and property owned. For instance, information such as birth certificates, details of family property, and details on the various investments owned and agreements of lease transactions are stored in the home computer. On the other hand, the personal laptop contains personal academic documents. For instance, information regarding my academic progress reports, college and student details, the various learning material (notes, term papers and assignments) and even my project documents are stored in my personal laptop. The smartphone contains personal social information and some confidential data that might be required in emergency cases. For instance, the smartphone contains some learning resources, photographs, and personal emergence details such as my hospital insurance number and contacts f my next of keen. In a nut shell, all my personal confidential information is stored in the three devices discussed above. Some information is stored in form of document files while the other, especially in my personal laptop and home computer, is stored in form of online accounts secured by passwords. The major aim of this paper will thus be to carry out an exhaustive evaluation of the security of all personal information stored in the named devices with a view of establishing the level of informational security and the extent to which the information is susceptible to access by unauthorized personnel. Normative Model used for the Review According to the Australian standards, data is safe when it is secured from access by unauthorized individuals (AS ISO/IEC 27002:2002). In this case, all efforts to preserve and secure data are aimed at storing the same information in a form that can either be interpreted by a certain group of people only or designing certain security measures to allow access by a certain group of individuals only. In some organizations, rules and regulations are designed to categorically describe members allowed to access certain information and the circumstances under which others might also be allowed to do so irrespective of their status. Where possible, password alongside biometric features is used to ensure that information security is guaranteed. Hence, the evaluation model chosen will revolve around the methods of information security used to safe guard my information. Similarly, Australian standards demand that the information security model used is resistant to most commonly used unauthorized information access techniques (AS ISO/IEC 27002:2002). For instance, when it was apparent that most people secured their information using password, ethical hackers came up with software programs that could bypass such passwords and hence rendering them ineffective in provision of information security. Hence, the standards demand that information be secured using such methods that cannot be easily conjured by unauthorized personnel who might try to sneak into the information stores. In fact, the concept of biometric based security systems was hugely developed as a measure to curb rampant secured information access from third parties. Hence, while carrying out the evaluation, efforts will be made to ascertain the susceptibility of the various security methods used to common trickery used by information hackers. Finally, encryption is another concept advocated by the Australian information security standards. Information encryption is inherently done to ensure that the stored information can only be interpreted and understood by a certain group of people only while remaining useless to unintended people (AS ISO/IEC 27002:2002). In such a case, the information still remains secure even when there is unauthorized access. However, due to the universality and common features between the various encryption techniques, there is a tendency of such information hackers to collaborate with experts who can help them interpret the encrypted information. Hence, encryption is rarely used as a stand-alone information security method but instead used alongside biometric based systems to enhance the security of the stored information. Hence, the normative model for evaluating the security of my information will also incorporate activities that seek to establish the level of encryption used at various instances. Tasks undertaken to conduct the Review The initial evaluation point regards accessibility of my personal information in my personal laptop, home computer and smart phone. In this regard, I evaluated the susceptibility of my security codes and passwords to access by a third party, in this case an unauthorized person. All my data storage gadgets are secured with passwords which are only known to me. Although I have attached passwords hints to help me quickly recall them, it is unlikely that someone else may interpret such hints to get the right password and hence access my files. Similarly, all my accounts require double verification for access. For instance, they are set as resident accounts in all the gadgets and hence, accessing the accounts from a different device requires two major steps. One must thus provide a password and subsequently enter a verification code, which is often sending to my cellphone number before access is allowed (Whitman, 2016, p. 75). It thus makes it extremely hard for anyone to access any of my online accounts using a different device since the verification such a person will definitely stop when asked to submit the verification code. I subsequently carried an evaluation of my information with regard to information recovery in case one of the storage point crashes down, is stolen or develops some technical hutches and hence inaccessible. In this regard, I own a separate hard disc drive onto which I have copies of all information contained stored in laptop, home computer and smart phone. The hard disc drive thus serves as my backup storage. The principle essence of the backup is to ensure that I still have a place to access my information even when the storage gadgets are stolen, crash or faced with any technical issues that may render them unavailable at the time of need (AS ISO/IEC 27002:2002). Similarly, with the backup storage hard disc, I can access all the information in using a single device as opposed to opening up all the three devices to access different information (Von solms , & Von solms, 2009, p. 132). For instance, once the hard disc is plucked into any computer, I can access all the information in the laptop, phone and computer. I also sought to evaluate the level of encryption as a security method for securing information. All my information files are arranged in folders according to the type of information contained in the folders. Hence, I can easily pick out a folder once I establish the nature of information I require. For instance, I can easily locate my certificate from the folder named academic certificates or retrieve my project documents from the folder named projects and desertions. Similarly, any new person will not have problems locating files from my storage devices. It therefore goes without saying that I have not employed any level of encryption in my information security methods. It thus leaves me depending on the security against access as the only security measure to safeguard my information. Once anybody can successfully manipulate and access the file locations, then he poor she will have little trouble picking out the various information flies from the folders. Findings and Recommendations The evaluation exercise presented me with both strengths as well as weaknesses of my information security measures. For instance, the use of a double verification security method for online accounts is effective in restricting access to personal information by people not allowed by the owner. The emergence of extremely sophisticated hacking software has rendered passwords, which for a long time served as the most preferred information security tool, ineffective in offering the desired protection. Regardless of the complexity of the characters that make up the password, one can easily break them using the hacking software and access the restricted information (AS ISO/IEC 27002:2002). Hence, the requisition of an access code serves to once again empower the use of passwords. For instance, despite the use of the hacking software, one is unable to access such information in the online accounts until the code is entered. Similarly, besides prompting the user to enter the code, most modern browsers will alert the genuine owner of the account of such attempts to access the account. Another evident strength of my information security system is the incorporation of a backup storage device. Apparently, the different storage devices and the backup storage supplement each other. However, the advantage of a backup storage lie in the fact that all the storage devices cannot be fully reliable; at certain points, they are bound to either break down or develop problems. For examples, the smartphone can easily be stolen, the home computer becomes unusable in the absence of power and the personal laptop can either be stolen or crush due to the nature of the programs contained. A backup therefore ensures that there is always a way of retrieving the lost data in such unfortunate circumstances. Despite the above positive outcomes of the evaluation, there were also instances where shortcomings were noted. For instance, despite the presence of a backup storage device, the frequency of updating the backup by way of incorporating the most recent files into the hard disc was irregular. In this case, the dependency on the backup to serve as an alternative source of information becomes limited to only old information (AS ISO/IEC 27002:2002). There was an evident need to increase the frequency of updating the backup and subsequently shorten the time between one update and another. Increasing the frequency of updating the backup will ensure that at any given time, the external hard disc contains all the most recent files as contained in the smart phone, home computer and personal laptop. Otherwise, the hard disc is likely to serve as an archive containing old and perhaps obsolete information as opposed to containing updated information that is useful to the owner. The lack of encryption in the information security system was identified as a major shortcoming of the system. Encryption does not always to incorporate extremely complicated technologies as those used by organizations and other corporate entities but any unique way of securing information to limit access by unwanted people. For instance, despite that most folders constant straight forward information whose content cannot be altered to encrypt, the folders can be named in such a unique manner such that it’s only the owner who can tell the different locations for the different files. Some common encryption methods applicable in this case would be using unique codes to name the different folders in the different storage locations or the use of folder within folder in which information is kept in the innermost folder. Reflection on the methodology The security evaluation review was an extremely important undertaking since it helped establish the exact security situation of information stored in my home computer, laptop and smart phone. For instance, it could be hard to identify the level of exposure of the information to security threats without such and elaborate evaluation. In fact, more often, people lose their valuable data not because it is not secured but due to fact that they tend to be overconfident of the security methods even amidst changing technology. While passwords were initially preferred as the most effective methods of securing information and personal data, the emergency of hacking software has rendered them ineffective (Whitman, & Mattord, 2012, p. 104). It is only through such security evaluations that one get to learn of the most recent practices in information security and subsequently adjusts the existing practices to offer the best security for information stored in different devices. The evaluation exercise was also important as it helped establish some of weaknesses of my current way of securing information and in the process, helped me explore on alternative and most effective approaches to information security. For instance, it would extremely hard for one to imagine that the concept of encryption can be applied on securing information at a personal level; mostly, encryption is often associated with organizational entities and government parastatals which often have huge volumes of information to safeguard. However, through the evaluation, it turns out that encryption can subsequently be used at a personal level especially where the concerned persons seek to seal off any loopholes that might expose their private information to unwanted people. Due to the importance of the evaluation undertaking, it could be more effective if it were done more frequently. Technology, for instance, keeps on changing in terms of sophistication and innovation almost on each passing day. As time goes by, people discover more creative ways of doing things, including more advanced techniques of intruding into secured private information. The only way to stay updated and maintain secure persona information is thus to carry out regular periodic evaluation exercises. Through the evaluations, one is able to establish the vulnerability of his or her personal data and hence make the relevant adjustments to further secure the same. References AS ISO/IEC 27002:2002: Information technology—Security techniques—Code of practice for information security controls STAMP, M. (2011). Information security: principles and practice. Hoboken, N.J., Wiley. http://public.eblib.com/choice/publicfullrecord.aspx?p=738753. VON SOLMS, S. H., & VON SOLMS, R. (2009). Information security governance. New York, Springer. https://books.google.co.ke/books?id=PO9xjtfAnoEC&printsec=frontcover&dq=information+security&hl=en&sa=X&redir_esc=y#v=onepage&q=information%20security&f=false WHITMAN, M. E. (2016). Management of information security. [Place of publication not identified], Cengage Learning. https://books.google.co.ke/books?id=_aIZDAAAQBAJ&printsec=frontcover&dq=information+security&hl=en&sa=X&redir_esc=y#v=onepage&q=information%20security&f=false WHITMAN, M. E., & MATTORD, H. J. (2012). Principles of information security. Boston, MA, Course Technology. https://books.google.co.ke/books?id=L3LtJAxcsmMC&printsec=frontcover&dq=information+security&hl=en&sa=X&redir_esc=y#v=onepage&q=information%20security&f=false Read More