Cybersecurity Report
VerifiedAdded on 2020/12/09
|9
|2005
|320
Report
AI Summary
This report analyzes the cybersecurity risks associated with a Bring Your Own Device (BYOD) policy in a university setting. It explores the vulnerabilities of password-based authentication and proposes certificate-based authentication as a more secure alternative. The report also discusses top cybersecurity threats, including spam, and provides insights into anti-spam measures.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
CYBERSECURITY
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................1
Assessment of risk from Bring Your Own Device (BOYD) policy to university's information
system.........................................................................................................................................1
TASK 2............................................................................................................................................3
Working principle of the Certificate Based Authentication mechanism....................................3
TASK 3............................................................................................................................................4
Top Cybersecurity Threats and Anti-Spam................................................................................4
CONCLUSION...............................................................................................................................5
REFERENCES................................................................................................................................6
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................1
Assessment of risk from Bring Your Own Device (BOYD) policy to university's information
system.........................................................................................................................................1
TASK 2............................................................................................................................................3
Working principle of the Certificate Based Authentication mechanism....................................3
TASK 3............................................................................................................................................4
Top Cybersecurity Threats and Anti-Spam................................................................................4
CONCLUSION...............................................................................................................................5
REFERENCES................................................................................................................................6
INTRODUCTION
Advancement of technology have increased the movement of database in this inter-
connected network. This large source of information requires protection and security in this
technology-based world and this can be considered as cybersecurity which allows protection of
data from an unauthorised user. It will also provide risk assessment of “Bring Your Own
Device” policy. Present study will provide solutions of cybersecurity which helps in protecting
the confidential and secured information. This report will also provide conceptual mechanism of
password and certificate-based mechanism.
TASK 1
Assessment of risk from Bring Your Own Device (BOYD) policy to university's information
system
University contains large amount of secured data which needs to be protected against the
cybercrimes. Cybersecurity is one of the greatest concerns for large organisations who used to
deal with huge amount of database collection on regular basis (Taeihagh & Lim, 2018). The
southern cross university is currently using Bring Your Own device (BYOD) policy which
ensures the use of password-based authentication. It was disclosed that unauthorised users are
trying to access the information which might bring threat to secured one. As a technical
consultant of college, various risk components are identified in order to protect the data from
fraudulent practices.
Most critical components of university's information system are as follows:
These are mainly those assets which helps in protecting the financial data and
confidential details of students etc.
It includes identifying the data and information assets of the college which requires more
security.
Determining the strategies to prevent loss of information and it will ensure proper
implementation of cybersecurity policies.
Threats related to BYOD concept
Bring Your Own Device uses the principle of Password-based authentication and this
concept mainly asks for user name and password unlock secured data (Carter & Sofio, 2017).
Consultant advisor of southern university have found many disadvantages as it is less secured
1
Advancement of technology have increased the movement of database in this inter-
connected network. This large source of information requires protection and security in this
technology-based world and this can be considered as cybersecurity which allows protection of
data from an unauthorised user. It will also provide risk assessment of “Bring Your Own
Device” policy. Present study will provide solutions of cybersecurity which helps in protecting
the confidential and secured information. This report will also provide conceptual mechanism of
password and certificate-based mechanism.
TASK 1
Assessment of risk from Bring Your Own Device (BOYD) policy to university's information
system
University contains large amount of secured data which needs to be protected against the
cybercrimes. Cybersecurity is one of the greatest concerns for large organisations who used to
deal with huge amount of database collection on regular basis (Taeihagh & Lim, 2018). The
southern cross university is currently using Bring Your Own device (BYOD) policy which
ensures the use of password-based authentication. It was disclosed that unauthorised users are
trying to access the information which might bring threat to secured one. As a technical
consultant of college, various risk components are identified in order to protect the data from
fraudulent practices.
Most critical components of university's information system are as follows:
These are mainly those assets which helps in protecting the financial data and
confidential details of students etc.
It includes identifying the data and information assets of the college which requires more
security.
Determining the strategies to prevent loss of information and it will ensure proper
implementation of cybersecurity policies.
Threats related to BYOD concept
Bring Your Own Device uses the principle of Password-based authentication and this
concept mainly asks for user name and password unlock secured data (Carter & Sofio, 2017).
Consultant advisor of southern university have found many disadvantages as it is less secured
1
concept to avoid the cybercrimes. Application of this kind of approach for security includes the
following threats such as:
Access of information is provided to user by logging in from ID. in this concept which
can be proved as a great threat to the university.
It does not encrypt the original form of data which can be utilised by any unknown
person in order to adopt cybercrime.
Being a consultant of college, it can be identified that BYOD is not an effective solution
to maintain or prevent the data security.
Potential vulnerabilities
Management of university have observed that Bring your own device is an ineffective
method which provides the least security to information of college (Nunes & et.al., 2016).
Consultant have advised the management to use certified concept instead of password-based
authentication. Certification-based cybersecurity scheme allows certified user authentication.
This approach requires identity of a person who uses the information.
Quantitative and qualitative risk assessment approach
These risk assessments can be considered as possibilities of managing and controlling the
risk of currently used plans. This can be identified by using risk matrix which includes 1 to 3
scale of rating. The rating of scale will determine the level of it and risk that will be controlled
according to rating provided (Busby, Green & Hutchison, 2017.) Risk matrix table is presented
below which will describe risk and its controlling factors:
Type of risk Frequency Frequency Result frequency
Hacking of
secured data
2 2 4 Moderate
Malware
practices
2 1 2 Acceptable
Phishing 3 3 9 Very high
Circulation of 3 1 3 moderate
2
following threats such as:
Access of information is provided to user by logging in from ID. in this concept which
can be proved as a great threat to the university.
It does not encrypt the original form of data which can be utilised by any unknown
person in order to adopt cybercrime.
Being a consultant of college, it can be identified that BYOD is not an effective solution
to maintain or prevent the data security.
Potential vulnerabilities
Management of university have observed that Bring your own device is an ineffective
method which provides the least security to information of college (Nunes & et.al., 2016).
Consultant have advised the management to use certified concept instead of password-based
authentication. Certification-based cybersecurity scheme allows certified user authentication.
This approach requires identity of a person who uses the information.
Quantitative and qualitative risk assessment approach
These risk assessments can be considered as possibilities of managing and controlling the
risk of currently used plans. This can be identified by using risk matrix which includes 1 to 3
scale of rating. The rating of scale will determine the level of it and risk that will be controlled
according to rating provided (Busby, Green & Hutchison, 2017.) Risk matrix table is presented
below which will describe risk and its controlling factors:
Type of risk Frequency Frequency Result frequency
Hacking of
secured data
2 2 4 Moderate
Malware
practices
2 1 2 Acceptable
Phishing 3 3 9 Very high
Circulation of 3 1 3 moderate
2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
spams to harm the
cybersecurity
TASK 2
Working principle of the Certificate Based Authentication mechanism
Server identifies the authenticated user when it receives correct signature or required
identity. Here, server asks for the private key which proves that the user is certified and allowed
to use information. In certificate based authentication, several fields are required to be
completedin order to identify the user. These fields contain digital certificate, one time password
(OTP), bio metric authentication (Cruz & et.al., 2016). Following steps are considered for
verifying the user identity in order to provide access of secured data and information, these are
as follows:
firstly, user sends request to server for obtaining the services.
Server asks for identity and digital certificate to provide access and in this situation
authenticated user unlocks the security of data using private key.
In this situation when users private key and server's public key are identified and
matched with each other than server found its authenticated user.
After the server got full proof of user's identity then users are allowed to access required
confidential data.
Pros and cons of certificate -based authentication are as follows:
Certified entities are allowed to access the information while it can be a tough at time
when user forgot private key to unlock information. This security policy requires dynamically
generated OTPs while if any system error occurred then it could be comparatively harder to get
the dynamically generated password of server (Livingstone & Lewis, 2016). It is mutually
performed practice which generally involve both server and client side authentication to provide
access. But on the other hand it is cost consuming practice.
Comparing the role of password-based authentication with certificate-based authentication
Certificate-based authentication is more user friendly and secured method forkeeping the
data and information highly confidential whereas password-based authentication can be
accessible by any kind of user even if they are not an authorised entity.
3
cybersecurity
TASK 2
Working principle of the Certificate Based Authentication mechanism
Server identifies the authenticated user when it receives correct signature or required
identity. Here, server asks for the private key which proves that the user is certified and allowed
to use information. In certificate based authentication, several fields are required to be
completedin order to identify the user. These fields contain digital certificate, one time password
(OTP), bio metric authentication (Cruz & et.al., 2016). Following steps are considered for
verifying the user identity in order to provide access of secured data and information, these are
as follows:
firstly, user sends request to server for obtaining the services.
Server asks for identity and digital certificate to provide access and in this situation
authenticated user unlocks the security of data using private key.
In this situation when users private key and server's public key are identified and
matched with each other than server found its authenticated user.
After the server got full proof of user's identity then users are allowed to access required
confidential data.
Pros and cons of certificate -based authentication are as follows:
Certified entities are allowed to access the information while it can be a tough at time
when user forgot private key to unlock information. This security policy requires dynamically
generated OTPs while if any system error occurred then it could be comparatively harder to get
the dynamically generated password of server (Livingstone & Lewis, 2016). It is mutually
performed practice which generally involve both server and client side authentication to provide
access. But on the other hand it is cost consuming practice.
Comparing the role of password-based authentication with certificate-based authentication
Certificate-based authentication is more user friendly and secured method forkeeping the
data and information highly confidential whereas password-based authentication can be
accessible by any kind of user even if they are not an authorised entity.
3
Certificate-based authentication allows certified users while it is not necessary in
password-based authentication that the user who is using information is trustworthy.
It uses encryption and decryption mode to change actual form of information while
password-based authentication cannot change the actual format and allows use
information as it is.
Certified policy asks for personal identity of user whereas BYOD concept which adopts
password-based authentication are only asks for username and password to allow access to
secured data (Malhotra, 2015).Server unlocks the data using private key of users and only
password are required in BYOD policy to access information.
There are lot of threats involved in cybersecurity of the university at time when college
management was using bring your own device concept which uses the principle of password-
based authentication, the threats are as follows:
This type of cybersecurity cannot contain strong ways of preventing the confidentiality of
data. So, this type of information can be easily approachable by criminals.
BYOD method is not a certified way so it could be easily approachable by unauthorised
users and this could lead to cybercrimes.
There are lot of problems with BYOD policy that easy passwords can be cracked easily
while random passwords are hard to remember. So, to overcome these types of threats it
was replaced with certificate-based authentication.
TASK 3
Top Cybersecurity Threats and Anti-Spam
It can be termed as unsolicited commercial electronic messages which are aimed at
hacking the sites to access the information or it can also destruct the speed and potential capacity
of system to produce output. Spams are considerably a Malicious practice which leads to
criminal attacks in order to access the secured data and information of organisation (Adhikari,
Morris & Pan, 2017). The government have introduced A Spam Act 2003 to control such
unwanted activities. It can be characterised as follows:
Arrival of a single electronic message can be sometimes considered as spam.
4
password-based authentication that the user who is using information is trustworthy.
It uses encryption and decryption mode to change actual form of information while
password-based authentication cannot change the actual format and allows use
information as it is.
Certified policy asks for personal identity of user whereas BYOD concept which adopts
password-based authentication are only asks for username and password to allow access to
secured data (Malhotra, 2015).Server unlocks the data using private key of users and only
password are required in BYOD policy to access information.
There are lot of threats involved in cybersecurity of the university at time when college
management was using bring your own device concept which uses the principle of password-
based authentication, the threats are as follows:
This type of cybersecurity cannot contain strong ways of preventing the confidentiality of
data. So, this type of information can be easily approachable by criminals.
BYOD method is not a certified way so it could be easily approachable by unauthorised
users and this could lead to cybercrimes.
There are lot of problems with BYOD policy that easy passwords can be cracked easily
while random passwords are hard to remember. So, to overcome these types of threats it
was replaced with certificate-based authentication.
TASK 3
Top Cybersecurity Threats and Anti-Spam
It can be termed as unsolicited commercial electronic messages which are aimed at
hacking the sites to access the information or it can also destruct the speed and potential capacity
of system to produce output. Spams are considerably a Malicious practice which leads to
criminal attacks in order to access the secured data and information of organisation (Adhikari,
Morris & Pan, 2017). The government have introduced A Spam Act 2003 to control such
unwanted activities. It can be characterised as follows:
Arrival of a single electronic message can be sometimes considered as spam.
4
Purpose of these mails is to affect the efficiency and productivity of the business and
these are sometimes sent to track the activities of software in order to hack the
confidential information. This is considered as criminal activities or cyberattacks.
It can be arrived in the form of advertisement or promotion of goods and services
through pop-up messages or electronic mails.
The spam Act is established to prohibit the use of such unsolicited emails which harm the
cybersecurity (Hogan & Newton, 2015).It is an Australian act of cybersecurity which prevents
unwanted mails to users.
Threats
These types of electronic mails can harm the information and even it is also responsible
for producing virus in system. These malware activities lower the performance of the system and
damage the security of information. Spams restrict the potential capabilities of software to
produce desired quality of output.
CONCLUSION
It was concluded from the above context that cybersecurity is very essential in this
technological world as the security of data is considered to be an important aspect in this socially
expanded society. This report had also provided various techniques of to protect the data and
information. It had also focussed towards the use of certificate-based concept which prevents the
confidential information from cyberattacks. The study had also mentioned the drawbacks of
using BYOD mechanism in protecting the highly security data from criminals. The report had
also described the cybersecurity threats and spam practices which harm the secured database.
5
these are sometimes sent to track the activities of software in order to hack the
confidential information. This is considered as criminal activities or cyberattacks.
It can be arrived in the form of advertisement or promotion of goods and services
through pop-up messages or electronic mails.
The spam Act is established to prohibit the use of such unsolicited emails which harm the
cybersecurity (Hogan & Newton, 2015).It is an Australian act of cybersecurity which prevents
unwanted mails to users.
Threats
These types of electronic mails can harm the information and even it is also responsible
for producing virus in system. These malware activities lower the performance of the system and
damage the security of information. Spams restrict the potential capabilities of software to
produce desired quality of output.
CONCLUSION
It was concluded from the above context that cybersecurity is very essential in this
technological world as the security of data is considered to be an important aspect in this socially
expanded society. This report had also provided various techniques of to protect the data and
information. It had also focussed towards the use of certificate-based concept which prevents the
confidential information from cyberattacks. The study had also mentioned the drawbacks of
using BYOD mechanism in protecting the highly security data from criminals. The report had
also described the cybersecurity threats and spam practices which harm the secured database.
5
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
REFERENCES
Books and Journals
Adhikari, U., Morris, T., & Pan, S. (2017). WAMS cyber-physical test bed for power system,
cybersecurity study, and data mining. IEEE Transactions on Smart Grid, 8(6), 2744-
2753.
Busby, J. S., Green, B., & Hutchison, D. (2017). Analysis of Affordance, Time, and Adaptation
in the Assessment of Industrial Control System Cybersecurity Risk. Risk Analysis, 37(7),
1298-1314.
Carter, W. A., & Sofio, D. G. (2017). CYBERSECURITY LEGISLATION AND CRITICAL
INFRASTRUCTURE VULNERABILITIES. Foundations of Homeland Security: Law
and Policy, 233-249.
Cruz, T. & et.al., (2016). A cybersecurity detection framework for supervisory control and data
acquisition systems. IEEE Transactions on Industrial Informatics, 12(6), 2236-2246.
Hogan, M. D., & Newton, E. M. (2015). Interagency Report on Strategic US Government
Engagement in International Standardization to Achieve US Objectives for
Cybersecurity(No. NIST Interagency/Internal Report (NISTIR)-8074 Volume 1).
Livingstone, D., & Lewis, P. (2016). Space, the Final Frontier for Cybersecurity?. Chatham
House, September.
Malhotra, Y. (2015). Cybersecurity & Cyber-Finance Risk Management: Strategies, Tactics,
Operations, &, Intelligence: Enterprise Risk Management to Model Risk Management:
Understanding Vulnerabilities, Threats, & Risk Mitigation (Presentation Slides).
Nunes, E. & et.al., (2016). Darknet and deepnet mining for proactive cybersecurity threat
intelligence. arXiv preprint arXiv:1607.08583.
Taeihagh, A., & Lim, H. S. M. (2018). Governing autonomous vehicles: emerging responses for
safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 1-26.
6
Books and Journals
Adhikari, U., Morris, T., & Pan, S. (2017). WAMS cyber-physical test bed for power system,
cybersecurity study, and data mining. IEEE Transactions on Smart Grid, 8(6), 2744-
2753.
Busby, J. S., Green, B., & Hutchison, D. (2017). Analysis of Affordance, Time, and Adaptation
in the Assessment of Industrial Control System Cybersecurity Risk. Risk Analysis, 37(7),
1298-1314.
Carter, W. A., & Sofio, D. G. (2017). CYBERSECURITY LEGISLATION AND CRITICAL
INFRASTRUCTURE VULNERABILITIES. Foundations of Homeland Security: Law
and Policy, 233-249.
Cruz, T. & et.al., (2016). A cybersecurity detection framework for supervisory control and data
acquisition systems. IEEE Transactions on Industrial Informatics, 12(6), 2236-2246.
Hogan, M. D., & Newton, E. M. (2015). Interagency Report on Strategic US Government
Engagement in International Standardization to Achieve US Objectives for
Cybersecurity(No. NIST Interagency/Internal Report (NISTIR)-8074 Volume 1).
Livingstone, D., & Lewis, P. (2016). Space, the Final Frontier for Cybersecurity?. Chatham
House, September.
Malhotra, Y. (2015). Cybersecurity & Cyber-Finance Risk Management: Strategies, Tactics,
Operations, &, Intelligence: Enterprise Risk Management to Model Risk Management:
Understanding Vulnerabilities, Threats, & Risk Mitigation (Presentation Slides).
Nunes, E. & et.al., (2016). Darknet and deepnet mining for proactive cybersecurity threat
intelligence. arXiv preprint arXiv:1607.08583.
Taeihagh, A., & Lim, H. S. M. (2018). Governing autonomous vehicles: emerging responses for
safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 1-26.
6
7
1 out of 9
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.