Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Security Consultation Report and Guideline

Verified

Added on 2022/08/17

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SECURITY CONSULTATION REPORT AND GUIDELINE
Security Consultation Report and Guideline
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1SECURITY CONSULTATION REPORT AND GUIDELINE
Table of Contents
1. Introduction..................................................................................................................................3
Task 1: BYOD Risk Assessment.....................................................................................................3
1.1 Critical Components for the University Information System................................................3
1.2 BYOD Risk Assessment Introduction...................................................................................4
1.3 Objective/Purpose of BYOD Risk Assessment.....................................................................4
1.4 Scope of Risk Assessment.....................................................................................................5
1.5 Define risk appetite................................................................................................................5
1.6 Threats and Vulnerabilities identification and TVA.............................................................5
1.7 Risk Assessment (Qualitative/quantitative)...........................................................................8
Task 2: Certificate-Based Authentication........................................................................................8
2.1 Introduction............................................................................................................................8
2.2 Working principle of Password-based authentication scheme..............................................9
2.3 Certificate-based authentication scheme.............................................................................11
2.4 Working principle of Certificate-based authentication scheme...........................................11
2.5 Comparison of the password-based and certificate–based Authentication.........................13
2.6 Conclusion...........................................................................................................................13
Task 3: Anti-spam Guideline.........................................................................................................14
3.1 Definition and characteristics of Spam................................................................................14
3.2 Representative Examples of Spam......................................................................................14

2SECURITY CONSULTATION REPORT AND GUIDELINE
3.3 Instructions for Spam Handling (users)...............................................................................15
3.4 Instructions for Spam Handling (IT admin)........................................................................15
4. Conclusion.................................................................................................................................16
References......................................................................................................................................17

3SECURITY CONSULTATION REPORT AND GUIDELINE
1. Introduction
The discussion is based on understanding the various aspects in relation to the
understanding over the implementation procedure of the BYOD policy that would be
implemented in Southern Cross University. In the present situation, the discussion is focused
over the emerging and contemporary threats that are being rising within the university due to low
forms of security strategies. Different situations of threats include the risk of data breaches from
the university database system. A proper lack of policy would be considered as negative towards
the implementation of proper measures taken for implementing better security of the embedded
systems (Ortbach, Walter and Öksüz 2015). Attacks from spam also affects the reputation of the
university and leads towards disastrous impacts.
The following parts of the discussion would be focused over the assessment of risks with
the process of implementation of BYOD policy for the information system (IS) for SCU. The
guidelines would be based on assessment of risks that would have affected the IS maintained for
the university. The next part of the discussion would be based on a report focusing on the
assessment of risks and recommending towards the implementation of a Certificate-based
Authentication system. The concluding part of the discussion would be focused on a guideline
discussing the Spam Act 2003 and further would include situations of spam and instructions
based on minimizing the spam threats.
Task 1: BYOD Risk Assessment
1.1 Critical Components for the University Information System
The assets of the university information system includes:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4SECURITY CONSULTATION REPORT AND GUIDELINE
1. Corporate Financial Data – The financial data of the university is considered to be
highly critical in nature and thus it helps in determining several statistics based on determining
the business growth of the university. It also helps in determining the statistical pattern for the
number of students, performance metrics and others.
2. Human Information – This would include the detailed records of students, teachers
and other employees working within the university (AlHogail 2015). These are considered as
major critical assets of the university and hence they would need to be secured.
3. Proprietary Software – The university would have a dedicated and proprietary
software that would maintain the records of each employee and students while performing other
functions.
1.2 BYOD Risk Assessment Introduction
BYOD is defined as the collaboration of concepts, technologies and policies that would
be set for employees based on which they would be able to access their different IT resources.
With the proliferation of the IT impact on university, the introduction of BYOD policy is widely
considered (Tanimoto et al. 2016). The discussion in this paper would discuss over the risk
assessment process based on BYOD. It would also evaluate the risk management method.
1.3 Objective/Purpose of BYOD Risk Assessment
The purpose of performing the BYOD Risk Assessment is based on understanding the
various areas of risks and determining appropriate strategies focusing over mitigating them for
the benefit for the university.

5SECURITY CONSULTATION REPORT AND GUIDELINE
1.4 Scope of Risk Assessment
The scope of the process for risk assessment is based on discussing over the most
appropriate process for determining the areas from which risks can approach towards the project.
The scope also includes the ways in which the risks could be mitigated and the most probable
ways in which the risks could be mitigated from the plan of the project.
1.5 Define risk appetite
Risk appetite can be defined as certain risks levels that could be tolerated at SCU and
thus the university should be prepared for accepting them through which they would be able to
meet to their objectives. The risk appetite also represents a certain balance that is maintained
between the several benefits based on innovation and their related threats, which would
inevitably change.
1.6 Threats and Vulnerabilities identification and TVA
2. Public Exposure – There might be a susceptibility to eavesdropping and man-in-the-
middle attacks posed at public hotspot points that might be operated by remote networking
workers.
Part 1:
Question Who Why Critical Asset
What is data is related
to?
University accounts Understanding the
importance of
financial data
Corporate Financial
Data (A1)
What kind of
information is stored?
Data analyst Understanding the
scope of the
information
Human Information
(A2)
What is the function of
this software in the
university?
Technical operator Understanding the
critical functions
being performed
Proprietary Software
(A3)

6SECURITY CONSULTATION REPORT AND GUIDELINE
by the software
Part 2:
R (30) P (50) PI (40) Total
A1 0.1 0.2 0.5 38
A2 0.04 0.1 0.4 20
A3 0.15 0.5 0.3 35
93

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7SECURITY CONSULTATION REPORT AND GUIDELINE
Part 3:
Asset Vulnerability Threat Impact Likelihood Risk rating
A1 The insider attacks
within the LAN based
on a valid user profile.
Increased risk based on data
leakage is considered as the
most possible threat affecting
the university information
system
55 0.2 11
Disruption in
recovering files from
server
0.5 27.5
Hardware issues might
lead to security
vulnerabilities
0.3 16.5
A2 Disruption in gaining
access to student data
from the server
Students might download
certain applications by
connecting with external Wi-Fi
hotspots without the proper
form of security protocols. In
these situations, security holes
should be exploited by hackers.
75 0.1 7.5
Unavailable options
for loading new data
0.5 37.5
Deleted data from the
database for human
information within the
university
0.4 30
A3 Cost of present IT
infrastructure might be
high and hence non-
affordable by the
university
The university should ensure
that data should form with the
present IT infrastructure. It
should be ensured which of the
applications would be meeting
with the quality standards.
65 0.2 13
BYOD policy might
not support
applications based on
their standards
0.4 26
Quality standards
might not support the
present IT framework
0.3 19.5

8SECURITY CONSULTATION REPORT AND GUIDELINE
1.7 Risk Assessment (Qualitative/quantitative)
The risks based on the information system implemented within the university could be
assessed using a qualitative approach. Under this approach, the different risks would be
discussed, analysed, selection of risk responses and monitoring processes.
In this case, the 5-step approach would be followed based on understanding the various
aspects of risks and determination of strategies based on their mitigation. These are as follows:
1. Step 1 – In the primary step, the risk situations should be identified.
2. Step 2 – It should be determined about the persons who would be responsible for the
situations of risks.
3. Step 3 – Based on understanding of the risk situations and the persons responsible for
the risk, the precautionary steps would be taken for mitigating them.
4. Step 4 – After the risk situations have been understood, the results would be record in
this step.
5. Step 5 – Regular review over assessments should be performed. More frequent
reviews would be considered as a necessary process in the workplace based on determining the
conditions of change.
Task 2: Certificate-Based Authentication
2.1 Introduction
The certificate-based authentication is recognized as a digital certificate for identification
of a user or machine before granting certain level of access to an application or resource (Verma,

9SECURITY CONSULTATION REPORT AND GUIDELINE
Kumar and Sinha 2016). The method of certificate-based authentication represents the
deployment and coordination of different traditional methods that includes password and
username.
The following parts of the discussion would discuss on the work principles of the
password-based authentication scheme and certificate-based authentication. It also highlights on
the comparison presented between the certificate-based authentication with the password-based
authentication system.
2.2 Working principle of Password-based authentication scheme
The working principle of the scheme based on password-based authentication is based on
the process of identification and authorization. Simple method of password authentication helps
in offering an easy process based on performing authentication of users. In the password
authentication process, the concerned user should be able to supply a certain password to each of
the available servers (Wang and Xu 2017). The administrator would maintain a track over the
user name and unique password for each individual user on different servers.
The various steps involved behind the principle of working for the password-based
authentication scheme have being represented in the following picture.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10SECURITY CONSULTATION REPORT AND GUIDELINE
(Figure 1: The Working Principle for the Password-based authentication system)
(Source: Wang and Xu 2017)
The principle of working for the password-based authentication system is discussed in the
following steps.
1. In the initial stage, the user would enter their name and password. The client
application should make use of the entered name for retrieving the Distinguished Name (DN).
2. In the second step, the client would send the DN and saved user passwords through the
internal network.
3. The server would match the password received from client-side with the pre-stored
password.
4. After determination over the authenticity of the password, the server would be able to
determine whether the specified user would be permitted for accessing any particular resource
(Moon et al. 2016). After this, the server would provide permission to the client for accessing the
request resource.

11SECURITY CONSULTATION REPORT AND GUIDELINE
2.3 Certificate-based authentication scheme
This scheme makes use of a public key cryptography and digital certificate for the
purpose of authenticating any individual user. A digital approved certificate comprises of an
electronic form, which would comprise of a public key, digital signature, identification data and
the digital signature that would be approved by a certified authority (Mandal and Deepti 2017).
This would be derived from the private key that would belong to the certification authority.
Whenever a user would sign in within a server, they would be obligated to offer their
digital certificate, which would comprise a public key and signature derived from the authority
of certification. The server would compare the validity for the digital signature. It would also
verify whether the digital certificate would be issued by a certification authority (Almadhoun et
al. 2018). After the completion of the entire process, the server would be able to authenticate the
user based on a public-key cryptography based on confirming whether the designated user has
gained possession for the private key that would be in close association with the digital
certificate.
2.4 Working principle of Certificate-based authentication scheme
The certificate-based authentication process requires SSL based on performing
authentication. The certificate-based process would primarily assume that the client would be
connected to the server. The steps of authentication have been discussed in the following picture:

12SECURITY CONSULTATION REPORT AND GUIDELINE
(Figure 2: The Working Principle for the Certificate-based authentication system)
(Source: Djellali et al. 2015)
The steps towards the authentication process for the certificate-based authentication are
discussed in the following steps:
1. The software at the client side would support a database based on the use of private
keys. The client would recall the password from the database initially when the client would
need access (Ranjan and Somani 2016). The user would enter the password only once during the
entire session.
2. After unlocking of the database supporting private-key, the client would be able to
retrieve the user certificate based on private key.
3. The client would send a user certificate along with the random-generated data through
the network.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13SECURITY CONSULTATION REPORT AND GUIDELINE
4. The server makes use of a certificate along with the signed data based on
authenticating the identity of the user.
5. The server would be able to perform other tasks based on authentication. The process
of evaluation, if positive, the server would allow the client for accessing towards the requested
resource.
2.5 Comparison of the password-based and certificate–based Authentication
In the process based on password-based authentication, the organization would store their
data and core business programs on a server. During signing within the system, the recorded
details would be communicated through the main server and then the primary details would be
compared within the user library.
On the other hand, the method of certificate-based authentication would require the
transmission of digital bits of information through the network (Oh et al. 2017). In this case, the
user would login within the server. After this, a key or public certificate would send a digital
information piece that would be able to verify the identity.
2.6 Conclusion
Based on the discussion and comparison of the working principle for both the
authentication schemes, it can be discussed that the features by the certificate-based
authentication, which would be considered as useful for the BYOD policy. Some of the
discussed features are that it provides a certain ease during the deployment process and further
management. A mutual authentication is also supported by the certificate-based scheme. This
scheme also is easily available for rolling out before users.

14SECURITY CONSULTATION REPORT AND GUIDELINE
Task 3: Anti-spam Guideline
3.1 Definition and characteristics of Spam
According to The Spam Act 2003, the idea of spam is defined as a form of unwanted or
electronic junk mail, which is sent to users. This kind of mail is mostly sent to users, which
would not be granted any verifiable permission.
The characteristics of spam are:
1. The Gmail address URL looks differently because spammers mostly make use of
Gmail addresses for hitting their target. Odd forms of message content that would not have any
meaning or a generalized content without any professionalism should be considered as a spam.
2. There would be certain grammatical errors in the messages (Choudhary and Jain
2017). Spammers are not fully concerned regarding the grammar of the content and spelling
errors. Hence, these messages have poor spelling and grammatical mistakes.
3. Spammers would mostly watch for claims whether they users have reviewed for the
site. Company emails mostly contain an email signature at some block of text or at the bottom. A
spam message could be one in which the email would not include some contact information or a
phone number.
3.2 Representative Examples of Spam
The representative examples of spam are:
1. Bulk arrival of unsolicited form of commercial email messages (Heydari et al. 2015).
2. Email messages that were not asked from senders who are unknown.

15SECURITY CONSULTATION REPORT AND GUIDELINE
3. Counterfeit messages that were received from reliable sources for tricking users based
on gaining personal information.
3.3 Instructions for Spam Handling (users)
The instructions of spam handling that would be supported for users are:
1. Do not open any form of identifiable spam message. The message heading should be
read properly and the intent of the message should be understood. Hence, the message should not
be opened any further.
2. Reporting the spam (Ahn et al. 2015). The spam message when detected should be
reported to the IT admin head of the organisation. This would reduce the chances of getting
future spam messages.
3. Turning on the junk email filtering option. Different web browsers have the option of
turning on the option for filtering of spam messages. This would help in filtering out the spam
messages.
3.4 Instructions for Spam Handling (IT admin)
The instructions of spam handling that would be supported for users are:
1. Maintain a spam filtering software in the portal of the users. This software should be
installed by the IT admin at each of the user systems and this would help in removing the
unnecessary emails from attacking the systems.
2. Finding the sender and blocking the lists (Xu et al. 2019). A personal email should be
set up for the organisation. The email IDs of the same should be shared only within the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

16SECURITY CONSULTATION REPORT AND GUIDELINE
organisation. This would help in reducing the chances of spam emails coming from unauthorized
sources.
3. Filtering the inbox on a regular basis. An instruction should bet set up for all
employees to continuously remove junk mails or unnecessary mails from their inbox.
4. Conclusion
From the discussion over the above discussions, it can be put under conclusion that the
report mainly focuses on the importance of the BYOD policy that would be implemented within
the university based on protecting their assets. It also discusses the threats and vulnerabilities.
The next part of the report discusses on the principle of working for the certificate-based
authentication and password-based authentication scheme. There have been a certain comparison
and contrast over both the authentication schemes. Hence, the useful features derived from them
have been highlighted within the report. The final part of the report thus discusses on the
characteristics of a spam and some representative examples for identifying them. A detailed
instruction list has also been provided for understanding them and reducing them at the earliest.

17SECURITY CONSULTATION REPORT AND GUIDELINE
References
Ahn, J., Yoo, S., Mutlu, O. and Choi, K., 2015, June. PIM-enabled instructions: a low-overhead,
locality-aware processing-in-memory architecture. In 2015 ACM/IEEE 42nd Annual
International Symposium on Computer Architecture (ISCA) (pp. 336-348). IEEE.
AlHogail, A., 2015. Design and validation of information security culture framework. Computers
in Human Behavior, 49, pp.567-575.
Almadhoun, R., Kadadha, M., Alhemeiri, M., Alshehhi, M. and Salah, K., 2018, October. A user
authentication scheme of IoT devices using blockchain-enabled fog nodes. In 2018 IEEE/ACS
15th International Conference on Computer Systems and Applications (AICCSA) (pp. 1-8).
IEEE.
Choudhary, N. and Jain, A.K., 2017, March. Towards filtering of SMS spam messages using
machine learning based technique. In International Conference on Advanced Informatics for
Computing Research (pp. 18-30). Springer, Singapore.
Djellali, B., Belarbi, K., Chouarfia, A. and Lorenz, P., 2015. User authentication scheme
preserving anonymity for ubiquitous devices. Security and Communication Networks, 8(17),
pp.3131-3141.
Heydari, A., ali Tavakoli, M., Salim, N. and Heydari, Z., 2015. Detection of review spam: A
survey. Expert Systems with Applications, 42(7), pp.3634-3642.
Mandal, S.K. and Deepti, A.R., 2017. A General Approach of Authentication Scheme and its
Comparative Study. International Journal of Computer (IJC), 26(1), pp.15-22.

18SECURITY CONSULTATION REPORT AND GUIDELINE
Moon, J., Choi, Y., Kim, J. and Won, D., 2016. An improvement of robust and efficient
biometrics based password authentication scheme for telecare medicine information systems
using extended chaotic maps. Journal of medical systems, 40(3), p.70.
Oh, I., Lee, Y., Lee, H., Lee, K. and Yim, K., 2017, July. Security assessment of the image-based
authentication using screen-capture tools. In International Conference on Innovative Mobile and
Internet Services in Ubiquitous Computing (pp. 156-161). Springer, Cham.
Ortbach, K., Walter, N. and Öksüz, A., 2015, May. Are You Ready to Lose Control? A Theory
on the Role of Trust and Risk Perception on Bring-Your-Own-Device Policy and Information
System Service Quality. In ECIS.
Ranjan, A.K. and Somani, G., 2016. Access control and authentication in the internet of things
environment. In Connectivity Frameworks for Smart Devices (pp. 283-305). Springer, Cham.
Tanimoto, S., Yamada, S., Iwashita, M., Kobayashi, T., Sato, H. and Kanai, A., 2016, October.
Risk assessment of BYOD: bring your own device. In 2016 IEEE 5th Global Conference on
Consumer Electronics (pp. 1-4). IEEE.
Verma, U.K., Kumar, S. and Sinha, D., 2016, March. A secure and efficient certificate based
authentication protocol for MANET. In 2016 International Conference on Circuit, Power and
Computing Technologies (ICCPCT) (pp. 1-7). IEEE.
Wang, C. and Xu, G., 2017. Cryptanalysis of three password-based remote user authentication
schemes with non-tamper-resistant smart card. Security and Communication Networks, 2017.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

19SECURITY CONSULTATION REPORT AND GUIDELINE
Xu, H., Hu, L., Liu, P. and Guan, B., 2019, June. Exploiting the Spam Correlations in Scalable
Online Social Spam Detection. In International Conference on Cloud Computing (pp. 146-160).
Springer, Cham.

1 out of 20

+13062052269

info@desklib.com

Security Consultation Report and Guideline

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Risk Assessment of Southern Cross University

Cyber Security: BYOD Risk Assessment, Certificate-Based Authentication, and Anti-Phishing Guideline

BYOD Policy Threats and Security Strategies for Cybersecurity

Assessing Risk from BYOD Policy to University Information System

Cybersecurity Report

Professional Paper Elements -