Running head: SECURITY CONSULTATION REPORT AND GUIDELINE

Security Consultation Report and Guideline
Name of the Student
Name of the University
Author note
Table of Contents

1. Introduction (p. 3)
Task 1: BYOD Risk Assessment (p. 3)
1.1 Critical Components for the University Information System (p. 3)
1.2 BYOD Risk Assessment Introduction (p. 4)
1.3 Objective/Purpose of BYOD Risk Assessment (p. 4)
1.4 Scope of Risk Assessment (p. 5)
1.5 Define risk appetite (p. 5)
1.6 Threats and Vulnerabilities identification and TVA (p. 5)
1.7 Risk Assessment (Qualitative/quantitative) (p. 8)
Task 2: Certificate-Based Authentication (p. 8)
2.1 Introduction (p. 8)
2.2 Working principle of Password-based authentication scheme (p. 9)
2.3 Certificate-based authentication scheme (p. 11)
2.4 Working principle of Certificate-based authentication scheme (p. 11)
2.5 Comparison of the password-based and certificate-based Authentication (p. 13)
2.6 Conclusion (p. 13)
Task 3: Anti-spam Guideline (p. 14)
3.1 Definition and characteristics of Spam (p. 14)
3.2 Representative Examples of Spam (p. 14)
3.3 Instructions for Spam Handling (users) (p. 15)
3.4 Instructions for Spam Handling (IT admin) (p. 15)
4. Conclusion (p. 16)
References (p. 17)
1. Introduction

This discussion is based on understanding the various aspects of the implementation procedure for the BYOD policy to be implemented at Southern Cross University. In the present situation, the discussion focuses on the emerging and contemporary threats arising within the university due to weak security strategies. These threats include the risk of data breaches from the university database system. The lack of a proper policy works against the implementation of the measures needed for better security of the embedded systems (Ortbach, Walter and Öksüz 2015). Spam attacks also affect the reputation of the university and lead to disastrous impacts.

The following parts of the discussion focus on the assessment of risks in the process of implementing the BYOD policy for the information system (IS) of SCU. The guidelines are based on an assessment of the risks that could affect the IS maintained for the university. The next part of the discussion is a report focusing on the assessment of risks and recommending the implementation of a certificate-based authentication system. The concluding part is a guideline discussing the Spam Act 2003, including examples of spam and instructions for minimizing spam threats.

Task 1: BYOD Risk Assessment

1.1 Critical Components for the University Information System

The assets of the university information system include:
1. Corporate Financial Data – The financial data of the university is highly critical in nature; it helps in determining several statistics on which the business growth of the university is measured. It also helps in determining the statistical pattern for the number of students, performance metrics and others.
2. Human Information – This includes the detailed records of students, teachers and other employees working within the university (AlHogail 2015). These are major critical assets of the university and hence need to be secured.
3. Proprietary Software – The university has dedicated proprietary software that maintains the records of each employee and student while performing other functions.

1.2 BYOD Risk Assessment Introduction

BYOD is defined as the combination of concepts, technologies and policies set for employees, on the basis of which they are able to access their different IT resources. With the proliferation of IT within the university, the introduction of a BYOD policy is widely considered (Tanimoto et al. 2016). This paper discusses the risk assessment process for BYOD. It also evaluates the risk management method.

1.3 Objective/Purpose of BYOD Risk Assessment

The purpose of performing the BYOD risk assessment is to understand the various areas of risk and to determine appropriate strategies for mitigating them for the benefit of the university.
1.4 Scope of Risk Assessment

The scope of the risk assessment process covers the most appropriate process for determining the areas from which risks can approach the project. The scope also includes the ways in which the risks could be mitigated and the most probable ways in which they could be mitigated within the project plan.

1.5 Define risk appetite

Risk appetite can be defined as the level of risk that can be tolerated at SCU, and thus the level the university should be prepared to accept in order to meet its objectives. The risk appetite also represents a certain balance maintained between the benefits of innovation and their related threats, which inevitably change.

1.6 Threats and Vulnerabilities identification and TVA

2. Public Exposure – There might be a susceptibility to eavesdropping and man-in-the-middle attacks at public hotspots used by remote networking workers.

Part 1:

| Question | Who | Why | Critical Asset |
|---|---|---|---|
| What data is it related to? | University accounts | Understanding the importance of financial data | Corporate Financial Data (A1) |
| What kind of information is stored? | Data analyst | Understanding the scope of the information | Human Information (A2) |
| What is the function of this software in the university? | Technical operator | Understanding the critical functions being performed by the software | Proprietary Software (A3) |

Part 2:

| Asset | R (30) | P (50) | PI (40) | Total |
|---|---|---|---|---|
| A1 | 0.1 | 0.2 | 0.5 | 38 |
| A2 | 0.04 | 0.1 | 0.4 | 20 |
| A3 | 0.15 | 0.5 | 0.3 | 35 |
| Total | | | | 93 |
Part 3 (risk rating = impact × likelihood):

Asset A1 – Impact 55. Threat: an increased risk of data leakage is considered the most probable threat affecting the university information system.

| Vulnerability | Likelihood | Risk rating |
|---|---|---|
| Insider attacks within the LAN based on a valid user profile | 0.2 | 11 |
| Disruption in recovering files from the server | 0.5 | 27.5 |
| Hardware issues might lead to security vulnerabilities | 0.3 | 16.5 |

Asset A2 – Impact 75. Threat: students might download certain applications by connecting to external Wi-Fi hotspots without proper security protocols; in these situations, security holes could be exploited by hackers.

| Vulnerability | Likelihood | Risk rating |
|---|---|---|
| Disruption in gaining access to student data from the server | 0.1 | 7.5 |
| Unavailable options for loading new data | 0.5 | 37.5 |
| Deleted data from the database for human information within the university | 0.4 | 30 |

Asset A3 – Impact 65. Threat: the university should ensure that data conforms to the present IT infrastructure, and it should be established which of the applications meet the quality standards.

| Vulnerability | Likelihood | Risk rating |
|---|---|---|
| Cost of the present IT infrastructure might be high and hence unaffordable for the university | 0.2 | 13 |
| BYOD policy might not support applications based on their standards | 0.4 | 26 |
| Quality standards might not support the present IT framework | 0.3 | 19.5 |
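The ratings in Part 3 are impact multiplied by likelihood, which is easy to check by hand but tedious once the register grows. The following Go program is an added worked example, not part of the report: it holds the nine Part 3 rows, recomputes each rating, totals them per asset and lists the rows that exceed a tolerable rating, which is how the risk appetite of section 1.5 would be applied to the table. The appetite value of 20 is an assumption made for the example, since the report does not fix one.

```go
package main

import (
	"fmt"
	"sort"
)

// riskEntry is one row of the Part 3 table: a vulnerability of an asset with
// the impact (0-100) and likelihood the report assigned to it. Likelihood is
// kept as a percentage so the ratings come out exact.
type riskEntry struct {
	Asset         string
	Vulnerability string
	Impact        int // 0-100
	LikelihoodPct int // 20 means a likelihood of 0.2
}

// Rating reproduces the table's arithmetic: impact x likelihood.
func (r riskEntry) Rating() float64 {
	return float64(r.Impact*r.LikelihoodPct) / 100
}

// register holds the nine vulnerabilities from the report's Part 3 table.
var register = []riskEntry{
	{"A1", "Insider attacks within the LAN based on a valid user profile", 55, 20},
	{"A1", "Disruption in recovering files from the server", 55, 50},
	{"A1", "Hardware issues might lead to security vulnerabilities", 55, 30},
	{"A2", "Disruption in gaining access to student data from the server", 75, 10},
	{"A2", "Unavailable options for loading new data", 75, 50},
	{"A2", "Deleted data from the human information database", 75, 40},
	{"A3", "Cost of present IT infrastructure might be unaffordable", 65, 20},
	{"A3", "BYOD policy might not support applications based on their standards", 65, 40},
	{"A3", "Quality standards might not support the present IT framework", 65, 30},
}

// aboveAppetite returns the entries whose rating exceeds the tolerated level,
// highest rating first: the risks that need a treatment plan rather than
// acceptance.
func aboveAppetite(entries []riskEntry, appetite float64) []riskEntry {
	var out []riskEntry
	for _, e := range entries {
		if e.Rating() > appetite {
			out = append(out, e)
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Rating() > out[j].Rating() })
	return out
}

// assetTotals sums the ratings per asset, giving one exposure figure for
// each critical component of section 1.1.
func assetTotals(entries []riskEntry) map[string]float64 {
	totals := map[string]float64{}
	for _, e := range entries {
		totals[e.Asset] += e.Rating()
	}
	return totals
}

func main() {
	const appetite = 20.0 // assumed tolerable rating; the report does not fix a number
	for _, e := range aboveAppetite(register, appetite) {
		fmt.Printf("%s  %5.1f  %s\n", e.Asset, e.Rating(), e.Vulnerability)
	}
	fmt.Println("per-asset totals:", assetTotals(register))
}
```

With the assumed appetite of 20, four rows need treatment (A2 at 37.5 and 30, A1 at 27.5, A3 at 26) and the per-asset totals are 55, 75 and 58.5, so human information (A2) carries the largest exposure.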
1.7 Risk Assessment (Qualitative/quantitative)

The risks to the information system implemented within the university could be assessed using a qualitative approach. Under this approach, the different risks are identified and analysed, risk responses are selected and monitoring processes are put in place. In this case, a 5-step approach is followed to understand the various aspects of the risks and to determine strategies for their mitigation. The steps are as follows:
1. Step 1 – In the primary step, the risk situations should be identified.
2. Step 2 – The persons responsible for the risk situations should be determined.
3. Step 3 – Based on the understanding of the risk situations and the persons responsible for them, precautionary steps should be taken to mitigate them.
4. Step 4 – After the risk situations have been understood, the results should be recorded in this step.
5. Step 5 – Assessments should be reviewed regularly. More frequent reviews are necessary in the workplace to determine the conditions of change.

Task 2: Certificate-Based Authentication

2.1 Introduction

Certificate-based authentication uses a digital certificate to identify a user or machine before granting a certain level of access to an application or resource (Verma, Kumar and Sinha 2016). The method of certificate-based authentication represents the deployment and coordination of different traditional methods, including the password and username. The following parts of the discussion cover the working principles of the password-based authentication scheme and of certificate-based authentication. They also present a comparison between certificate-based authentication and the password-based authentication system.

2.2 Working principle of Password-based authentication scheme

The working principle of the password-based authentication scheme rests on the processes of identification and authorization. The simple method of password authentication offers an easy process for authenticating users. In the password authentication process, the user has to supply a password to each of the available servers (Wang and Xu 2017). The administrator keeps track of the user name and the unique password of each individual user on the different servers. The various steps involved in the working principle of the password-based authentication scheme are represented in the following picture.
(Figure 1: The Working Principle for the Password-based authentication system) (Source: Wang and Xu 2017)

The working principle of the password-based authentication system is described in the following steps.
1. In the initial stage, the user enters their name and password. The client application uses the entered name to retrieve the Distinguished Name (DN).
2. In the second step, the client sends the DN and the saved user password through the internal network.
3. The server matches the password received from the client side against the pre-stored password.
4. After determining the authenticity of the password, the server determines whether the specified user is permitted to access the particular resource (Moon et al. 2016). After this, the server gives the client permission to access the requested resource.
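Steps 1 to 4 above, as an added example in Go that is not code from the report or its sources: the client maps a user name to a DN, the server keeps only a salted hash of each password, compares it in constant time, and then consults a per-user resource list before granting access. The directory layout, the user name and the resource names are constructed for the example, and the salted, iterated SHA-256 stands in for the purpose-built password hash a production server should use.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// credential is what the server keeps per Distinguished Name (DN): a random
// salt and a hash of the password, never the password itself.
type credential struct {
	salt []byte
	hash []byte
}

// authServer holds the password store and the per-user resource permissions.
type authServer struct {
	creds map[string]credential
	acl   map[string]map[string]bool // DN -> set of permitted resources
}

const iterations = 100000

// deriveHash iterates SHA-256 over salt||password so that guessing is slow.
// Illustrative only: production systems should use a purpose-built KDF such
// as Argon2 or bcrypt.
func deriveHash(salt []byte, password string) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 1; i < iterations; i++ {
		h = sha256.Sum256(h[:])
	}
	return h[:]
}

func newAuthServer() *authServer {
	return &authServer{creds: map[string]credential{}, acl: map[string]map[string]bool{}}
}

// enrol stores a freshly salted hash for the DN and the resources it may use.
func (s *authServer) enrol(dn, password string, resources ...string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.creds[dn] = credential{salt: salt, hash: deriveHash(salt, password)}
	perms := map[string]bool{}
	for _, r := range resources {
		perms[r] = true
	}
	s.acl[dn] = perms
	return nil
}

// lookupDN is the client-side part of step 1: map the entered user name to
// a Distinguished Name (the directory layout is a constructed example).
func lookupDN(username string) string {
	return fmt.Sprintf("uid=%s,ou=students,dc=example,dc=edu", username)
}

// authenticate is steps 3 and 4: compare the supplied password with the
// stored hash in constant time, then consult the ACL for the resource.
// An unknown DN and a wrong password return the same error, after the same
// hashing work, so the response does not reveal which user names exist.
func (s *authServer) authenticate(dn, password, resource string) error {
	c, ok := s.creds[dn]
	if !ok {
		c = credential{salt: make([]byte, 16), hash: make([]byte, sha256.Size)}
	}
	if subtle.ConstantTimeCompare(deriveHash(c.salt, password), c.hash) != 1 || !ok {
		return errors.New("authentication failed")
	}
	if !s.acl[dn][resource] {
		return errors.New("access denied")
	}
	return nil
}

func main() {
	srv := newAuthServer()
	dn := lookupDN("alice") // constructed sample user
	if err := srv.enrol(dn, "correct horse battery staple", "/grades"); err != nil {
		panic(err)
	}
	fmt.Println("right password, permitted resource:", srv.authenticate(dn, "correct horse battery staple", "/grades"))
	fmt.Println("right password, other resource:    ", srv.authenticate(dn, "correct horse battery staple", "/payroll"))
	fmt.Println("wrong password:                    ", srv.authenticate(dn, "guess", "/grades"))
}
```

The two things this adds to the four steps are where the comparison in step 3 happens against a hash rather than a stored password, and that step 4 is a separate decision from step 3: a correct password for a resource the user is not entitled to is still refused.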
2.3 Certificate-based authentication scheme

This scheme makes use of public key cryptography and a digital certificate for the purpose of authenticating an individual user. A digital certificate is an electronic document comprising a public key, identification data and a digital signature issued by a certification authority (Mandal and Deepti 2017). The signature is derived from the private key belonging to the certification authority. Whenever a user signs in to a server, they are obliged to present their digital certificate, which comprises the public key and the signature from the certification authority. The server checks the validity of the digital signature. It also verifies whether the digital certificate was issued by a trusted certification authority (Almadhoun et al. 2018). After this process is complete, the server authenticates the user using public-key cryptography, by confirming that the designated user possesses the private key associated with the digital certificate.

2.4 Working principle of Certificate-based authentication scheme

The certificate-based authentication process requires SSL to perform the authentication. The certificate-based process primarily assumes that the client is connected to the server. The steps of authentication are shown in the following picture:
(Figure 2: The Working Principle for the Certificate-based authentication system) (Source: Djellali et al. 2015)

The steps of the certificate-based authentication process are as follows:
1. The software at the client side maintains a database of private keys. The client asks for the password of this database when access is first needed (Ranjan and Somani 2016). The user enters the password only once during the entire session.
2. After unlocking the private-key database, the client retrieves the user certificate corresponding to the private key.
3. The client sends the user certificate along with randomly generated data through the network.
4. The server makes use of the certificate along with the signed data to authenticate the identity of the user.
5. The server is then able to perform other authorization tasks. If the evaluation is positive, the server allows the client to access the requested resource.

2.5 Comparison of the password-based and certificate-based Authentication

In password-based authentication, the organization stores its data and core business programs on a server. During sign-in, the recorded details are communicated to the main server and the primary details are compared against the user library. On the other hand, certificate-based authentication requires the transmission of digital information through the network (Oh et al. 2017). In this case, the user logs in to the server. After this, a key or public certificate sends a piece of digital information that verifies the identity.

2.6 Conclusion

Based on the discussion and comparison of the working principles of both authentication schemes, it can be stated that certificate-based authentication offers features that are useful for the BYOD policy. Among the features discussed are a certain ease of deployment and subsequent management. Mutual authentication is also supported by the certificate-based scheme. The scheme is also easy to roll out to users.
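The five steps of section 2.4, as an added Go example that is not part of the report or its sources: a small certification authority issues a user certificate, the server sends random data, the client signs it with its private key and returns the signature with its certificate, and the server checks that the certificate chains to the CA and that the signature proves possession of the matching private key. The CA name, the user "alice" and the 24-hour validity are assumptions of the example; the server returns the authenticated subject name, on which the step 5 access decision is then made.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issueCert builds the self-signed CA root (isCA set) or a user certificate
// signed by the CA's private key, as section 2.3 describes.
func issueCert(subject string, isCA bool, key *ecdsa.PrivateKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // a real CA uses random serials
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// client stands in for the unlocked private-key database of steps 1 and 2.
type client struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// respond is step 3: sign the server's challenge and send it with the certificate.
func (c *client) respond(nonce []byte) (*x509.Certificate, []byte, error) {
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, c.key, digest[:])
	return c.cert, sig, err
}

// server trusts exactly one certification authority.
type server struct{ roots *x509.CertPool }

// challenge issues fresh random data per login, so a captured signature cannot be replayed.
func (s *server) challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// authenticate is step 4: the certificate must chain to the trusted CA and the
// signature must prove possession of the matching private key. It returns the
// authenticated subject name, on which step 5 (authorization) is then decided.
func (s *server) authenticate(cert *x509.Certificate, nonce, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: s.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("proof of possession failed")
	}
	return cert.Subject.CommonName, nil
}

// setup creates the CA and enrols the constructed user "alice".
func setup() (*client, *server, error) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, errors.New("key generation failed")
	}
	caCert, err := issueCert("University CA (example)", true, caKey, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	userCert, err := issueCert("alice", false, userKey, caCert, caKey)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &client{userKey, userCert}, &server{roots}, nil
}
```

Running the exchange is `c, s, _ := setup()`, then `nonce, _ := s.challenge()`, `cert, sig, _ := c.respond(nonce)` and `s.authenticate(cert, nonce, sig)`. Two failure cases are worth noting: a signature over an earlier nonce is rejected, which is why the random data in step 3 must be fresh, and a certificate for "alice" from any CA other than the one the server trusts is rejected before the signature is even examined, which is the check section 2.3 calls verifying the issuing authority.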
Task 3: Anti-spam Guideline

3.1 Definition and characteristics of Spam

According to the Spam Act 2003, spam is defined as unwanted electronic junk mail sent to users. This kind of mail is mostly sent to users who have not given any verifiable permission. The characteristics of spam are:
1. The Gmail address URL looks different, because spammers mostly make use of Gmail addresses for hitting their targets. Odd message content that has no meaning, or generalized content without any professionalism, should be considered spam.
2. The messages contain grammatical errors (Choudhary and Jain 2017). Spammers are not fully concerned about the grammar and spelling of the content; hence these messages have poor spelling and grammatical mistakes.
3. Spammers mostly watch for claims about whether users have reviewed the site. Company emails mostly contain an email signature in a block of text or at the bottom. A message that does not include any contact information or a phone number could be spam.

3.2 Representative Examples of Spam

The representative examples of spam are:
1. Bulk arrival of unsolicited commercial email messages (Heydari et al. 2015).
2. Unrequested email messages from unknown senders.
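The characteristics in 3.1 can be turned into checks a mail filter applies before a message reaches a user. The Go program below is an added example, not part of the report or the Spam Act: it flags a free webmail sender, a message without a phone number or signature, and a message with little meaningful content, and it consults a sender block list of the kind an IT admin maintains. The organisation domain, the block list and the four sample messages are constructed for the example, as is the decision rule that two indicators (or a block-listed sender) make a message spam.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// message is the minimal view of an e-mail the filter needs.
type message struct {
	From, Subject, Body string
}

// filterConfig is what the IT admin maintains: the organisation's own domain,
// the sender block list, and the free webmail domains section 3.1 points to.
type filterConfig struct {
	OrgDomain string
	Blocked   map[string]bool
	Webmail   map[string]bool
}

// phoneRe matches a phone number, the contact detail a genuine company
// signature is expected to carry.
var phoneRe = regexp.MustCompile(`\+?\d[\d\s().-]{6,}\d`)

// senderDomain returns the lower-cased domain of the From header; a header
// that does not parse is itself an indicator.
func senderDomain(from string) (string, bool) {
	addr, err := mail.ParseAddress(from)
	if err != nil {
		return "", false
	}
	at := strings.LastIndex(addr.Address, "@")
	if at < 0 {
		return "", false
	}
	return strings.ToLower(addr.Address[at+1:]), true
}

// indicators lists the spam characteristics that fire for a message.
func (c filterConfig) indicators(m message) []string {
	var hits []string
	domain, ok := senderDomain(m.From)
	switch {
	case !ok:
		hits = append(hits, "malformed sender address")
	case c.Blocked[domain]:
		hits = append(hits, "sender on block list")
	case c.Webmail[domain]:
		hits = append(hits, "free webmail sender")
	case domain != c.OrgDomain:
		hits = append(hits, "unknown external sender")
	}
	if !phoneRe.MatchString(m.Body) && !strings.Contains(strings.ToLower(m.Body), "regards") {
		hits = append(hits, "no contact signature")
	}
	if len(strings.Fields(m.Body)) < 8 {
		hits = append(hits, "little or no meaningful content")
	}
	return hits
}

// isSpam applies the decision rule: a block-listed sender is always spam;
// otherwise two or more indicators are required (a threshold assumed for
// this example, not a figure from the report).
func (c filterConfig) isSpam(m message) bool {
	hits := c.indicators(m)
	for _, h := range hits {
		if h == "sender on block list" {
			return true
		}
	}
	return len(hits) >= 2
}

// sampleConfig and samples are constructed for this example.
var sampleConfig = filterConfig{
	OrgDomain: "university.example",
	Blocked:   map[string]bool{"bulk-offers.example": true},
	Webmail:   map[string]bool{"gmail.com": true},
}

var samples = []message{
	{"IT Helpdesk <helpdesk@university.example>", "Password reset window", "The self-service reset portal is offline on Friday evening for maintenance. Kind regards, IT Helpdesk, +61 2 5550 1234"},
	{"Prize Desk <prize.desk@gmail.com>", "YOU WON", "Click here to claim now"},
	{"offers@bulk-offers.example", "Weekly deals", "Great deals this week on everything you need. Kind regards, The Offers Team, +1 555 010 0199"},
	{"Dr Lee <lee@supplier.example>", "Quote for lab equipment", "Please find our quote attached for the equipment discussed last week. Regards, Lee"},
}

func main() {
	for _, m := range samples {
		fmt.Printf("%-45s spam=%-5v %v\n", m.From, sampleConfig.isSpam(m), sampleConfig.indicators(m))
	}
}
```

On the four samples the internal helpdesk notice and the external supplier quote pass (zero and one indicator respectively), the webmail prize message fires three indicators, and the block-listed sender is rejected regardless of how professional its body looks. The point of keeping the indicators separate from the decision is that the IT admin can tune the threshold or the lists without touching the checks themselves.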
3. Counterfeit messages that appear to come from reliable sources, for tricking users into giving up personal information.

3.3 Instructions for Spam Handling (users)

The spam handling instructions for users are:
1. Do not open any identifiable spam message. The message heading should be read properly and the intent of the message understood; the message should then not be opened any further.
2. Report the spam (Ahn et al. 2015). A detected spam message should be reported to the IT admin head of the organisation. This reduces the chances of receiving future spam messages.
3. Turn on the junk email filtering option. Different web browsers have an option for turning on the filtering of spam messages. This helps in filtering out the spam messages.

3.4 Instructions for Spam Handling (IT admin)

The spam handling instructions for the IT admin are:
1. Maintain spam filtering software in the users' portal. This software should be installed by the IT admin on each user system; it helps in keeping unnecessary emails from reaching the systems.
2. Find the sender and block the lists (Xu et al. 2019). A personal email should be set up for the organisation. The email IDs should be shared only within the organisation. This helps in reducing the chances of spam emails coming from unauthorized sources.
3. Filter the inbox on a regular basis. An instruction should be set up for all employees to continuously remove junk mail or unnecessary mail from their inbox.

4. Conclusion

From the above discussion, it can be concluded that the report mainly focuses on the importance of the BYOD policy to be implemented within the university to protect its assets. It also discusses the threats and vulnerabilities. The next part of the report discusses the working principles of the certificate-based and password-based authentication schemes. Both authentication schemes have been compared and contrasted, and the useful features derived from them have been highlighted within the report. The final part of the report discusses the characteristics of spam and some representative examples for identifying it. A detailed instruction list has also been provided for understanding and reducing spam at the earliest.
References

Ahn, J., Yoo, S., Mutlu, O. and Choi, K., 2015, June. PIM-enabled instructions: a low-overhead, locality-aware processing-in-memory architecture. In 2015 ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA) (pp. 336-348). IEEE.

AlHogail, A., 2015. Design and validation of information security culture framework. Computers in Human Behavior, 49, pp.567-575.

Almadhoun, R., Kadadha, M., Alhemeiri, M., Alshehhi, M. and Salah, K., 2018, October. A user authentication scheme of IoT devices using blockchain-enabled fog nodes. In 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA) (pp. 1-8). IEEE.

Choudhary, N. and Jain, A.K., 2017, March. Towards filtering of SMS spam messages using machine learning based technique. In International Conference on Advanced Informatics for Computing Research (pp. 18-30). Springer, Singapore.

Djellali, B., Belarbi, K., Chouarfia, A. and Lorenz, P., 2015. User authentication scheme preserving anonymity for ubiquitous devices. Security and Communication Networks, 8(17), pp.3131-3141.

Heydari, A., ali Tavakoli, M., Salim, N. and Heydari, Z., 2015. Detection of review spam: A survey. Expert Systems with Applications, 42(7), pp.3634-3642.

Mandal, S.K. and Deepti, A.R., 2017. A General Approach of Authentication Scheme and its Comparative Study. International Journal of Computer (IJC), 26(1), pp.15-22.

Moon, J., Choi, Y., Kim, J. and Won, D., 2016. An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. Journal of Medical Systems, 40(3), p.70.

Oh, I., Lee, Y., Lee, H., Lee, K. and Yim, K., 2017, July. Security assessment of the image-based authentication using screen-capture tools. In International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (pp. 156-161). Springer, Cham.

Ortbach, K., Walter, N. and Öksüz, A., 2015, May. Are You Ready to Lose Control? A Theory on the Role of Trust and Risk Perception on Bring-Your-Own-Device Policy and Information System Service Quality. In ECIS.

Ranjan, A.K. and Somani, G., 2016. Access control and authentication in the internet of things environment. In Connectivity Frameworks for Smart Devices (pp. 283-305). Springer, Cham.

Tanimoto, S., Yamada, S., Iwashita, M., Kobayashi, T., Sato, H. and Kanai, A., 2016, October. Risk assessment of BYOD: bring your own device. In 2016 IEEE 5th Global Conference on Consumer Electronics (pp. 1-4). IEEE.

Verma, U.K., Kumar, S. and Sinha, D., 2016, March. A secure and efficient certificate based authentication protocol for MANET. In 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-7). IEEE.

Wang, C. and Xu, G., 2017. Cryptanalysis of three password-based remote user authentication schemes with non-tamper-resistant smart card. Security and Communication Networks, 2017.
Xu, H., Hu, L., Liu, P. and Guan, B., 2019, June. Exploiting the Spam Correlations in Scalable Online Social Spam Detection. In International Conference on Cloud Computing (pp. 146-160). Springer, Cham.