CYBERSECURITY

Introduction

This report identifies and assesses the key risks that arise within the Southern Cross University information system. Cyber security threats need to be assessed properly so that the organization can be protected from unwanted risks (University 2020). The BYOD policy is designed to ensure that proper safety is offered to the members associated with the university. The assessment focuses on the risks associated with the BYOD policy for managing the university's information system. The second part of the report aims at designing an authentication system for managing the passwords. The last part of the report describes the spamming activities that arise with the use of BYOD.

Task 1: BYOD risk assessment

Information assets are the knowledge available to the organization, in this case the university. All the details and information regarding the activities going on in the university are assets to the organization (French, Guo and Shim 2014). Along with that, the retention of that information is also required. The information assets of the university include information about the students, details of the library books, payment transactions of the university, tie-ups with other organizations, etc. The bring your own device (BYOD) policy is designed to offer better access to the information system. With the introduction of BYOD it becomes difficult to manage performance (Abomhara 2015). The key risks that are likely to arise in the organization with the use of the BYOD policy are technological issues, policy and regulatory aspects, human aspects and organizational issues.
Technological risks are considered the most important security challenges that arise within the system. It becomes difficult to protect the data within the university. The most important technical risk that arises with the introduction of BYOD in the university is the chance of employees altering or stealing data for the purpose of harming the university. Data theft can hamper the overall working procedure. It is therefore crucial to evaluate the BYOD policies properly in order to manage performance. On the other hand, the university's performance is hampered by the use of the BYOD policy (Dhingra 2016). Identity theft can occur within the system, which will eventually hamper the data stored and maintained within the university. Threats towards business functionalities and data have the potential to hamper performance.

The policy will allow students and employees to bring their own devices for carrying out any activity. This will eventually hamper performance. Data leakage is considered the biggest concern when using BYOD policies (Vorakulpipat et al. 2017). The chances of data loss and data theft increase with the implementation of this policy. It becomes difficult to manage the security maintained over the devices. The activity of employees and students needs to be monitored properly so that it becomes difficult for them to hamper the data. The introduction of the BYOD policy has the potential to expose the data to exploitation by increasing the risks associated with it (Putri and Hovav 2014). Besides this, poor management of devices can hamper the business performance of the university. It is therefore important to ensure that the policy is designed effectively so that data can be managed properly without any risks.
The possible risks to the information system assets of the university will increase with BYOD, as it will hamper the network of the university (Armando et al. 2016). This will increase the chances of data breaches on the university's network, unauthorized access through BYOD devices into the university's information system, etc. The risk assessment can be carried out with regulatory tracking of all the external devices connected to the network, documenting their nature and suggesting ideas for mitigation so that repetition does not occur.

| IT components | Risk management components | |
|---|---|---|
| Software | Software | OS, security devices |
| Hardware | Hardware | Computers, laptops, BYOD |
| Network | Components of networks | LAN, Internet, extranet |
| People | Associated people with the university | Students, teachers, employees, etc. |

Table 1: WFA worksheet

| | Details of students | Question papers of examination | Payment transactions | Username and passwords |
|---|---|---|---|---|
| Data stealing | | | | |
| Data breach | | | | |
| Unauthorized access | | | | |
| Power failure | | | | |
| Priority of control | 1 | 2 | 3 | 4 |
Table 2: TVA worksheet

Task 2: Certificate-based authentication

The BYOD policy is introduced for the purpose of managing business performance. The risks identified within BYOD need to be mitigated properly so that its benefits can be managed. The risks need to be identified at an early stage so that the university can be protected from unwanted threats, malicious attacks and data breaches. It is important to ensure that the systems are processed and maintained with a proper authentication system so that the impacts can be reduced. IT professionals are concerned about the way the BYOD policy can hamper the performance of the university. It is therefore essential that proper security measures are integrated within the system to reduce the risks. An effective security policy will also ensure that productivity increases.

At present the university uses a password-based authentication scheme to manage the way people use the data (O'Neill et al. 2017). With a proper certificate-based authentication scheme it becomes easier to protect the data. The scheme uses a public key to perform the cryptography. This validates that only authenticated users are allowed to access the data. A digital certificate refers to an electronic form that contains a digital signature, identification data and a public key. It is therefore highly suggested that certificate-based authentication be used to ensure that the data is protected effectively within the system (Porambage et al. 2014). Certificate-based authentication is defined as the use of a certificate to identify the users, devices or machines involved when the data is accessed.
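The two checks a server makes on a certificate of the kind described above, as an added example that is not part of the original report: the certificate must chain to the trusted certification authority, and the client must prove it holds the matching private key. The CA name, the device name `byod-laptop-01` and all function names are constructed for illustration; the `openssl` command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example. "Example University Device CA" and "byod-laptop-01" are constructed names.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {
    # Self-signed root that the university server is configured to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example University/CN=Example University Device CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

issue_device_cert() {
    # $1 = device name. The device creates its own key pair and a signing request;
    # only the identity and public key go to the CA, which signs them.
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example University/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -days 7 -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$1.crt" 2>/dev/null
}

make_rogue_cert() {
    # Self-signed certificate that claims a device name but was never issued by the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 7 \
        -subj "/O=Example University/CN=$1" \
        -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" 2>/dev/null
}

server_accepts() {
    # $1 = presented certificate. Accept only if it chains to the trusted CA.
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

proves_key_possession() {
    # $1 = certificate, $2 = private key held by the client. The server issues a
    # random nonce, the client signs it, and the server verifies the signature
    # with the public key taken from the certificate.
    openssl rand -hex 16 >"$WORK/nonce" &&
    openssl dgst -sha256 -sign "$2" -out "$WORK/nonce.sig" "$WORK/nonce" &&
    openssl x509 -in "$1" -pubkey -noout >"$WORK/pub.pem" &&
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/nonce.sig" \
        "$WORK/nonce" >/dev/null 2>&1
}

make_ca && issue_device_cert byod-laptop-01 && make_rogue_cert byod-laptop-01
for c in byod-laptop-01 rogue; do
    if server_accepts "$WORK/$c.crt" && proves_key_possession "$WORK/$c.crt" "$WORK/$c.key"
    then echo "$c: access granted"; else echo "$c: access denied"; fi
done
```

In a deployed system both checks happen inside the mutual TLS handshake; they are separated here only to make each one visible. A BYOD deployment would also need revocation checking so that certificates on lost or stolen devices stop being accepted.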
Whenever a user signs on to the server, they are responsible for providing the digital certificate with the signature and public key for the certification authority. The server then authenticates the user using public key cryptography. The main objective behind using a certificate-based authentication process is that it requires minimal involvement from the user's end. In addition, the communication process can be secured properly, which further ensures that the data maintained and shared is authentic. It is essential to ensure that the shared data is authenticated. Apart from this, there is no need for any additional hardware. Certificates are designed in such a way that it becomes easy to accommodate multi-device users. This will ensure that the tokens are distributed and managed properly (Gross et al. 2015). There is no need to make a backup plan for managing the tokens; this can be done effectively with certificate-based authentication. Moreover, the certificate-based authentication solution is designed with a cloud-based management platform, which helps make the administration process efficient. With proper support it therefore becomes easy to manage the university's performance, and it is crucial to ensure that proper security measures are followed for the data.

Task 3: Anti-spam guideline

SPAM is defined as irrelevant messages sent via the internet for the purpose of hampering the recipients' lives. SPAM refers to the large volume of content that is sent for the purpose of phishing, advertisement and spreading malware (Nagalingam et al. 2015). According to the Spam Act 2003, unsolicited commercial electronic messages are banned; address-harvesting software must not produce, use or obtain any address list; electronic messages must follow the regulations that do not allow commercial electronic messages to be sent; a functional unsubscribe facility must be present in a commercial electronic message; the message must contain all the information of the organization or individual who intended to send it; and lastly the act sets out the consequences, injunctions and legal penalties, that will be faced by anyone who disobeys it (Kigerl 2016). The different types of SPAM that have the potential to hamper business performance are:

• Malicious links: Spreading malicious links for hampering the performance. These links are created for the purpose of misleading the users or harming the devices with which they are interacting.
• Bulk messaging: The bulk messaging procedure mainly involves sending a text message to a group of people in a short period of time. Bulk messages are used for spreading malware messages.
• Sharing undesired messages: The messages are shared for the purpose of threatening the users with unwanted content. This automatically hampers the performance.

The messages and malicious contents can hamper the performance. Hence it can be stated that SPAM messages have the potential to hamper the stability of the users.

Conclusion

It can be concluded from the above report that with the help of an effective policy it becomes easy to manage the activities and work around any organization. In the case of the university it works in the same way. The risks are identified efficiently so that it becomes easy to manage the activities at the right time. All three areas, that is, the risks BYOD poses to the university, the shift to certificate-based authentication and adherence to the anti-spam guidelines, need to be addressed by the organization.
Reference

Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), pp.65-88.

Armando, A., Costa, G., Merlo, A., Verderame, L. and Wrona, K., 2016, May. Developing a NATO BYOD security policy. In 2016 International Conference on Military Communications and Information Systems (ICMCIS) (pp. 1-6). IEEE.

Dhingra, M., 2016. Legal issues in secure implementation of bring your own device (BYOD). Procedia Computer Science, 78(C), pp.179-184.

French, A.M., Guo, C. and Shim, J.P., 2014. Current status, issues, and future of bring your own device (BYOD). Communications of the Association for Information Systems, 35(1), p.10.

Gross, H., Hölbl, M., Slamanig, D. and Spreitzer, R., 2015, December. Privacy-aware authentication in the internet of things. In International Conference on Cryptology and Network Security (pp. 32-39). Springer, Cham.

Kigerl, A.C., 2016. Deterring spammers: impact assessment of the CAN SPAM act on email spam rates. Criminal Justice Policy Review, 27(8), pp.791-811.

Nagalingam, V., Samy, G.N., Maarop, N., Azmi, N.F.M., Shamugam, B. and Ahmad, R., 2015. Proposing Awareness Guidelines on Phishing Attempts among Students. Open International Journal of Informatics (OIJI), 3(2), pp.1-9.

O'Neill, M., Heidbrink, S., Ruoti, S., Whitehead, J., Bunker, D., Dickinson, L., Hendershot, T., Reynolds, J., Seamons, K. and Zappala, D., 2017. Trustbase: an architecture to repair and strengthen certificate-based authentication. In 26th USENIX Security Symposium (USENIX Security 17) (pp. 609-624).

Porambage, P., Schmitt, C., Kumar, P., Gurtov, A. and Ylianttila, M., 2014, April. Two-phase authentication protocol for wireless sensor networks in distributed IoT applications. In 2014 IEEE Wireless Communications and Networking Conference (WCNC) (pp. 2728-2733). IEEE.

Putri, F.F. and Hovav, A., 2014. Employees compliance with BYOD security policy: Insights from reactance, organizational justice, and protection motivation theory.

University, S. (2020). Home - Southern Cross University. [online] Scu.edu.au. Available at: https://www.scu.edu.au/ [Accessed 31 Jan. 2020].

Vorakulpipat, C., Sirapaisan, S., Rattanalerdnusorn, E. and Savangsuk, V., 2017. A policy-based framework for preserving confidentiality in BYOD environments: A review of information security perspectives. Security and Communication Networks, 2017.