Information Assurance at the PC Level

Information security is often approached by an organization from the top down, with a solitary measure at each level. For example, a company may attempt to secure the network level with a firewall, the server level with password authentication, and the personal computer (PC) level with virus scan software. This paper contemplates a bottom up approach to information security, where attention is given to information assurance at the PC level initially, rather than as an after thought. Information assurance for an individual PC is examined within the context of threat vectors, with an emphasis on risk mitigation and how to achieve it. Basic security measures are enumerated for each threat vector with a 'how to' approach. The information security field and information technology in general are always evolving so the information presented herein is by no means all inclusive. Rather security at the PC level is explored within a structured framework in an attempt to elucidate basic security concepts and to demonstrate some of the current applications of those concepts.