Personal Security Plan Assignment Content

Minimum Expectations for Your PSP

At the very least, your PSP needs to address your most valuable information resources and, again, only you know what is important to you. In addition, because we are going to use specific cybersecurity tools in this class, you are required to include a discussion of password management, 2FA, VPNs, data backups, and software updates as well as some form of your asset attribute table. All of these subcategories come with a separate lecture during the semester.

Password Management

Your PSP will provide details about how you are managing your passwords and address important aspects such as soft/hard copies of your password vault. In addition, you will conduct a series of tasks presented in later modules related to the LastPass password manager application.

2FA

Your PSP will provide details about which of your accounts have 2FA enabled and the types of 2FA uses as well as address account access recovery procedures if you lose access to your 2FA source. In addition, you will conduct a series of tasks presented in later modules related to configuring multiple types of 2FA mechanisms on the LastPass password manager application.

Data Backup and Recovery

Your PSP will present your personalized data backup and recovery plan that include how, where, and how often your data will be backed up. In addition, you will conduct a series of tasks presented in later modules related to disk imaging and restoration.

Device and Application Enumeration and Updates

Your PSP will discuss how you will inventory and update the applications and operating systems of your important computing devices. In addition, you will conduct a series of tasks presented in later modules related to asset inventory, application enumeration, and vulnerability scanning and management.

PSP Considerations

The point of you creating a PSP is for you to go through the process of identifying your information assets and conducting a risk-based assessment that only YOU can do for YOU.

Make it useful. Include enough information for you to follow your plan (dont just rely on your memory; this is your documentation). Your just-woke-up-from-a-coma self needs this information.

Realizing that some security actions will be required more or less often than others, how will you handle that? (For example, changing your master password.) I am asking you how you are going to track your compliance with your security plan (a topic of interest that we will cover in more depth for an organization, but applies to you personally, too). Hint: maybe use a calendar with reminders.

Now I really want this PSP to be a useful document for you. However, I do realize that I am asking you to put a bunch of information together that is, effectively, aggregating your risk into a single document.

Your PSP itself needs to be protected.

You still need to turn something into me (reasonable redaction allowed).

You may need to share the PSP (so think about how you are going to do that and with whom).

Remember your digital legacy concerns, even if you are young and dont think you will have to worry about this for a while. Plan for it now.

As Hans and Franz are want to say: Hear me now, believe me later. Your PSP may be the most important takeaway from this course, so treat it like it is important not just for your grade, but your security sanity going forward. And please dont wait until the last minute to work on this project.

OPTIONAL RESOURCES:

https://ssd.eff.org/

https://medium.com/@nickrosener/an-in-depth-guide-to-personal-cybersecurity-be98ba47c968

https://decentsecurity.com/

https://www.cisa.gov/protect-myself-from-cyber-attacks

https://www.cyberaware.gov.uk/

https://staysafeonline.org/