Detailed guide is attached
Conduct an information security evaluation of a person using ISO27002:2013 or higher versions. 
Focus on the issues of access controls, operations security (backup and recovery, protection from malware, updates) and cybersecurity (concerning resilience and protection from cyber-attacks, malware and hacking). 
These issues should become primary headings in your normative model (it is your responsibility to manage the overlap between these issues), and each of them should contain a number of controls that would then form the basis of the normative model and subsequent evaluation. 
The adaption of ISO 27002 (and other sources) for the normative model needed for the evaluation should be guided by risk management principles – that means selecting a set of controls that are likely to be more important in a personal environment and leaving out controls that are not all that relevant. 
As a guide for this assignment, it is expected that you would have around 15 to 20 controls in your customised normative model. 
These customised controls should have a link back to the sources (such as ISO 27002 – using the control number from the standard), so the reader knows where this element was derived from. In some cases, the customised control in your normative model may be a direct copy of the control from the standard, and in other cases, it may be an adaption from a range of sources (such as those covered in the week 4 lecture and tutorial work).