BYOD Policy Design for Southern Cross University

Assess the risk from the BYOD policy to the organisation's information system


Added on 2022-11-19

About This Document

This report discusses the risks and modifications required to mitigate the existing BYOD policies for Southern Cross University. It covers the potential vulnerabilities of each threat, certificate-based authentication, comparison with password-based authentication, phishing attacks, and their handling instructions.

Contents
Introduction
Risks from BYOD policy to the organization information system
Potential Vulnerabilities of each threat
The risk to the organization information system
Certificate-based Authentication
Comparison of certificate-based and password-based authentication
The useful features of the certificate-based device and user authentication for BYOD policy
Phishing attack
Top characteristics of phishing attack
Representative examples of phishing
Phishing handling instruction
Conclusion
References
Report
Introduction
This report deals with policy design for Southern Cross University. It mainly
addresses issues related to BYOD policies: it discusses the risks that exist in
the current policies and the modifications required to mitigate them.
Risks from BYOD policy to the organization information system
Allowing employees to bring their own devices into the organization can be
extremely risky. Allowing an employee to bring a laptop lets him use that laptop
for work purposes, which lets him access data and store it on his own device.
Storing critical components there can bring huge risk to the organization's
confidentiality, integrity and authorization. Loss of an employee's device, a
buggy application or the installation of buggy software can give an attacker
access. A vulnerable application is an easy target: the attacker can compromise
it and gain access to the employee's machine. Because the attacker is an
unauthorized person, confidentiality is compromised; the attacker can edit or
modify the data, which compromises integrity. The attacker can also bring down
the device with a denial-of-service attack, since buggy or vulnerable
applications may be installed on it, which compromises availability.
Threats the BYOD policy might bring to identified critical assets:
Software bugs.
Lost devices.
Buggy apps.
Malicious apps.
Rooting/jailbreaking.
Untrustworthy employees.
Potential Vulnerabilities of each threat
Threats    Level
Software Bugs
Lost devices
Buggy apps
Malicious apps
Rooting/jailbreaking
Untrustworthy employees
The risk to the organization information system
The organization can be at huge risk if an untrustworthy employee gets
privileges to access the data. Because the employee holds crucial data, he can
misuse it for his own benefit, for example by selling critical data to a
competing organization. Loss of a device could also be a huge risk, because an
unauthorized person then has the physical device, can break the password and
can take control of both the data and the device. Buggy apps and malicious apps
are vulnerable applications that are easy to target and exploit; they will be
the main target for an attacker who wants to take control of the machine
remotely. Rooted/jailbroken devices are not supported by the official vendors,
so they receive no security or bug-fix updates. These devices are easily
exploitable.
Certificate-based Authentication
Certificate-based authentication works on the principle of using public-key
cryptography and a digital certificate to authenticate a user.
The server generates a pair of keys: a public key and a private/secret key. The
public key is shared with the user.
The server also generates a digital certificate, which stores the public key,
identification data and the digital signature.
The server keeps a record of the signature it placed on the certificate
provided to the user.
The user sends this digital certificate to the server, and the server checks
the certificate's signature and public key using the private key held on the
server.
If the server matches the signature sent by the client and is able to decrypt
the encrypted data using the private key, it gives the client permission to log
in to the machine.
Comparison of certificate-based and password-based authentication
Certificate-based authentication uses a digital certificate to identify a
machine, device, user or geolocation before access is granted to a resource,
the organization's network or the organization's applications.
In password-based authentication, by contrast, the user or anyone else who has
the username and password can access the resource. It is not possible to get
details of the location or the machine used for access.
Another difference is that certificate-based authentication can implement a
one-time password with biometric verification before logging in to the machine.
Certificate-based authentication, however, does not need any biometric
verification from the server side, as with traditional password-based
authentication.
The useful features of the certificate-based device and user authentication for BYOD policy
1. Ease of deployment and ongoing management.
Certificate-based authentication is very easy to deploy in today's world.
The cloud architecture for issuing certificates to users can provide the
certificate online.
It is easier to add any number of users in Active Directory, and it is easier
to delete an ex-employee from the user database.
2. User-friendly.