Southern Cross University: BYOD Implementation and Risk Management
VerifiedAdded on 2022/10/15
|11
|2509
|384
Report
AI Summary
This report delves into the complexities of BYOD (Bring Your Own Device) implementation and risk management within the context of Southern Cross University. It begins by identifying critical information assets, such as the university website, student databases, and server systems, and then assesses the potential threats that arise from a BYOD policy, including data leakage, malware, and phishing attacks. The report proposes certificate-based authentication as a more secure alternative to password-based authentication, detailing its mechanism and advantages. It also provides anti-phishing guidelines to educate users and IT administrators on recognizing and handling phishing attacks. The report successfully concludes by emphasizing the importance of cybersecurity for protecting the university's critical assets in a BYOD environment.
Running head: BYOD IMPLEMENTATION AND RSIK MANAGEMNT
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Name of the Student
Name of the University
Author note
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Name of the Student
Name of the University
Author note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Table of Contents
Introduction: 2
Discussion: 2
BYOD risk assessment: 2
Critical Information assets for Southern Cross University: 2
Potential Threats to the critical assets after implementation of BYOD policy: 3
Certificate-based Authentication: 4
Mechanism of Certificate Based authentication: 6
Anti-phishing guideline: 7
Conclusion: 8
References: 9
Table of Contents
Introduction: 2
Discussion: 2
BYOD risk assessment: 2
Critical Information assets for Southern Cross University: 2
Potential Threats to the critical assets after implementation of BYOD policy: 3
Certificate-based Authentication: 4
Mechanism of Certificate Based authentication: 6
Anti-phishing guideline: 7
Conclusion: 8
References: 9
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Introduction:
One of the most challenging issues in the contemporary world which is faced by all
the organizations whether it is a University, business organization, hospitals, banks or any
functional body that depends on the Information Technology for the operations of the
organization is the cyber security threats. The cyber security threats are the attacks on the
technology systems of the organizations that bring down the working process of the
organization and create mess in the working procedure and loss in valuable data. For the sake
of avoiding the circumstances, the organizations need the implementation of the cyber
security programs within their working structure [1]. The cyber security can be referred to the
programs that are designed and are performed for protecting the IT system form the
unauthorized access, different type of malicious attacks and also provides protection to the
network of the organization.
The report aims in evaluating the scenario of the Southern Cross University where the
role of the security consultant will be to design the security based program that addresses the
emerging issues as well as the risks to the organization after the implementation of the
BYOD policy [2].
Discussion:
BYOD risk assessment:
Critical Information assets for Southern Cross University:
Before building or implementing the strategies for the information assurance or
information based security plan for the organization or the university in the present case, it is
necessary to identify the object or the assets of the organization that are needed to be secured
form the potential security threats. These are the assets that impact the factors like
Introduction:
One of the most challenging issues in the contemporary world which is faced by all
the organizations whether it is a University, business organization, hospitals, banks or any
functional body that depends on the Information Technology for the operations of the
organization is the cyber security threats. The cyber security threats are the attacks on the
technology systems of the organizations that bring down the working process of the
organization and create mess in the working procedure and loss in valuable data. For the sake
of avoiding the circumstances, the organizations need the implementation of the cyber
security programs within their working structure [1]. The cyber security can be referred to the
programs that are designed and are performed for protecting the IT system form the
unauthorized access, different type of malicious attacks and also provides protection to the
network of the organization.
The report aims in evaluating the scenario of the Southern Cross University where the
role of the security consultant will be to design the security based program that addresses the
emerging issues as well as the risks to the organization after the implementation of the
BYOD policy [2].
Discussion:
BYOD risk assessment:
Critical Information assets for Southern Cross University:
Before building or implementing the strategies for the information assurance or
information based security plan for the organization or the university in the present case, it is
necessary to identify the object or the assets of the organization that are needed to be secured
form the potential security threats. These are the assets that impact the factors like
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
confidentiality, reliability of the organization. These are the objects on which the university is
working on or the operation unit of the university is working on. The management of the
university deal with different private information and theories of the students are needed to be
kept with high security as they support the business based mission and the function of the
university [3]. The critical assets of the organization can be determined by the use of the risk
assessment methods, hardware inventory monitoring methods and network traffic monitoring.
The critical assets that are identified for the Southern Cross University are as follows:
The website of the Southern Cross University.
The inventory or data storing system of the Southern Cross University.
Student database storing system.
The server system where all the information of the students and employees for
the university are stored [4].
The server system where all the new admission students are stored.
Human resource information directory.
The research papers of the students and the professors those are stored in the
computers of the organization.
The schematics and the patents of the university are either stored in the system
of the university or in the self devices of the students which are connected to
the server network of the university. The server network of the university is
the main assets for the university.
Potential Threats to the critical assets after implementation of BYOD policy:
The BYOD or the Bring Your Own Device policy may create a feasible environment
for the students as well as the professors in the organization, but it is also very vulnerable to
the cyber attacks that are done by the attackers and may harm the system of the university.
confidentiality, reliability of the organization. These are the objects on which the university is
working on or the operation unit of the university is working on. The management of the
university deal with different private information and theories of the students are needed to be
kept with high security as they support the business based mission and the function of the
university [3]. The critical assets of the organization can be determined by the use of the risk
assessment methods, hardware inventory monitoring methods and network traffic monitoring.
The critical assets that are identified for the Southern Cross University are as follows:
The website of the Southern Cross University.
The inventory or data storing system of the Southern Cross University.
Student database storing system.
The server system where all the information of the students and employees for
the university are stored [4].
The server system where all the new admission students are stored.
Human resource information directory.
The research papers of the students and the professors those are stored in the
computers of the organization.
The schematics and the patents of the university are either stored in the system
of the university or in the self devices of the students which are connected to
the server network of the university. The server network of the university is
the main assets for the university.
Potential Threats to the critical assets after implementation of BYOD policy:
The BYOD or the Bring Your Own Device policy may create a feasible environment
for the students as well as the professors in the organization, but it is also very vulnerable to
the cyber attacks that are done by the attackers and may harm the system of the university.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Management of the security in the personal devices of the students and professors and
all the people related to the management of the University is difficult and is not possible
where everyone is allowed to use their own device. The threat that arises is the leakage and
theft of the sensitive data from the devices which are connected to the same and central
network of the organization [5]. This also gives a open path to the attackers to enter the server
location of the network that is working for the university. The malware threat is the biggest
threat in this scenario as there is no surveillance system that can be implemented on personal
devices. Phishing attacks are the most common attacks that can happen in this scenario.
The assets can be hacked by the attackers in this scenario, where both the user’s
personal devices and the systems of the universities can be brought down by the attackers by
the implementation of malicious codes within the network server of the university [6]. After
getting the unauthorized access to the network server of the university, the attackers can
destroy all the sensitive and important data related to the university or can trade them and
also ask for ransom to release them. This will create a mess and lag in the system of the
university.
Certificate-based Authentication:
The Southern Cross University has followed the password based authentication before
the implementation of the BYOD policy. The report aims in evaluating and demonstrating the
use of Certificate based Authentication replacing the primitive authentication process which
is the Password Based authentication system which will be used for the purpose of
authentication for both the device and the user.
The certificate based authentication is the process of confirming and verifying the
user for the account or the system. The system aims in relating with the user during the
process of accessing the profile with the user that has created the profile for better and
Management of the security in the personal devices of the students and professors and
all the people related to the management of the University is difficult and is not possible
where everyone is allowed to use their own device. The threat that arises is the leakage and
theft of the sensitive data from the devices which are connected to the same and central
network of the organization [5]. This also gives a open path to the attackers to enter the server
location of the network that is working for the university. The malware threat is the biggest
threat in this scenario as there is no surveillance system that can be implemented on personal
devices. Phishing attacks are the most common attacks that can happen in this scenario.
The assets can be hacked by the attackers in this scenario, where both the user’s
personal devices and the systems of the universities can be brought down by the attackers by
the implementation of malicious codes within the network server of the university [6]. After
getting the unauthorized access to the network server of the university, the attackers can
destroy all the sensitive and important data related to the university or can trade them and
also ask for ransom to release them. This will create a mess and lag in the system of the
university.
Certificate-based Authentication:
The Southern Cross University has followed the password based authentication before
the implementation of the BYOD policy. The report aims in evaluating and demonstrating the
use of Certificate based Authentication replacing the primitive authentication process which
is the Password Based authentication system which will be used for the purpose of
authentication for both the device and the user.
The certificate based authentication is the process of confirming and verifying the
user for the account or the system. The system aims in relating with the user during the
process of accessing the profile with the user that has created the profile for better and
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
accurate authentication. The world of technology has provided a variety of certificate based
authentication process [7]. The certificate based authentication enables the users to access the
desired server with a high secured process which enables exchange of digital certificates in
place of the old met5hiods like the exchange of username and passwords. In the course of
action the client is not providing the username and passwords to the registered server. This
helps in avoiding the malicious attacks like the Phishing attacks, Man in the Middle attacks
which generate due to the use of the passwords [8].
The main advantage gained from the Certificate Authentication over the public key
authentication or the password username system is that it provides Secure Shell which is
evaluated to be much moiré scalable in mature. Trusting individual public keys in large
amount is not necessary as less number of CAs is available. Distribution of the public keys is
not necessary for the purpose of key pair updating. The credentials that are needed for the
authentication are centrally cancelled [9]. The individual based entities are not required to
trust as few CAs will do the work. This makes it highly scalable. The level of security is
higher than other authentication processes. The several servers and their user access are
maintained and controlled with additional environment security. The overall security is
enhanced. They provide better identity verification by the use of the private based keys. The
certificates are used for login purposes and also provide security to the e-mail.
The main disadvantage or the con of the system is, they need tye Public Key
Infrastructure (PKI) which is highly costly during the implantation than the public key
authentications.
accurate authentication. The world of technology has provided a variety of certificate based
authentication process [7]. The certificate based authentication enables the users to access the
desired server with a high secured process which enables exchange of digital certificates in
place of the old met5hiods like the exchange of username and passwords. In the course of
action the client is not providing the username and passwords to the registered server. This
helps in avoiding the malicious attacks like the Phishing attacks, Man in the Middle attacks
which generate due to the use of the passwords [8].
The main advantage gained from the Certificate Authentication over the public key
authentication or the password username system is that it provides Secure Shell which is
evaluated to be much moiré scalable in mature. Trusting individual public keys in large
amount is not necessary as less number of CAs is available. Distribution of the public keys is
not necessary for the purpose of key pair updating. The credentials that are needed for the
authentication are centrally cancelled [9]. The individual based entities are not required to
trust as few CAs will do the work. This makes it highly scalable. The level of security is
higher than other authentication processes. The several servers and their user access are
maintained and controlled with additional environment security. The overall security is
enhanced. They provide better identity verification by the use of the private based keys. The
certificates are used for login purposes and also provide security to the e-mail.
The main disadvantage or the con of the system is, they need tye Public Key
Infrastructure (PKI) which is highly costly during the implantation than the public key
authentications.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Mechanism of Certificate Based authentication:
The given figure describes the working principle for the certificate based
authentication mechanism.
The software of the client maintains the private keys that are stored in the
database. The client is then asked for the private key passwords so that the
client requires accessing within the session.
The client then helps in unlocking the databases registered for the Private Key
databases. It then retrieves the private based keys gaining the user certificates
and utilizes the private key for signing the data that is randomly generated.
Thos creates the digital signature or the evidence.
The client then certificates and evidence across the network through the SSL
connection [10].
In the web server, the server utilizes the certificates and evidence for the
purpose of authentication of the identity of the user.
The server authorizes the report that allows the access for the identity that is
authenticated.
Mechanism of Certificate Based authentication:
The given figure describes the working principle for the certificate based
authentication mechanism.
The software of the client maintains the private keys that are stored in the
database. The client is then asked for the private key passwords so that the
client requires accessing within the session.
The client then helps in unlocking the databases registered for the Private Key
databases. It then retrieves the private based keys gaining the user certificates
and utilizes the private key for signing the data that is randomly generated.
Thos creates the digital signature or the evidence.
The client then certificates and evidence across the network through the SSL
connection [10].
In the web server, the server utilizes the certificates and evidence for the
purpose of authentication of the identity of the user.
The server authorizes the report that allows the access for the identity that is
authenticated.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
The feature of the use of Certificates that establishes the trust and helps in identifying
the user on a much secured level will help to mitigate the problems or the vulnerabilities that
are likely to cause by the implementation of the BYOD system in the university. The Secure
Sockets Layer (SSL) protocol controls and runs on the server authentication, encrypted
communication between servers and clients and client authentication. The internet uses the
SSL due to the ability of the feature where the interactions consist of exchange of private data
of the university [11]. The features that makes the BYOD secure are the Client SSL
certificates for client authentication, Server SSL certificates, S/MIME certificates, CA
certificates and Object-signing certificates.
Anti-phishing guideline:
The PHISHING is referred to the type of the cybercrime which comprises of the
activities where the targets are the users and then the users are contacted by the process of
electronic communication. The electronic communication that are applied are the email form
of communication, telephonic messages with links generated and are asked to open the link
and are then asked to share the private details of the users for accessing the links. The users
that share the private and sensitive data become prey to these attacks [12]. They are hacked
and all the information access are logged in by the attackers where they will be successful in
entering the server network of the organization and release malicious codes or receive
valuable information.
The three examples that shows the PHISHING characteristics area as follows,
Digital payment-based scams.
Finance-based phishing attacks.
Work-related phishing scams.
The feature of the use of Certificates that establishes the trust and helps in identifying
the user on a much secured level will help to mitigate the problems or the vulnerabilities that
are likely to cause by the implementation of the BYOD system in the university. The Secure
Sockets Layer (SSL) protocol controls and runs on the server authentication, encrypted
communication between servers and clients and client authentication. The internet uses the
SSL due to the ability of the feature where the interactions consist of exchange of private data
of the university [11]. The features that makes the BYOD secure are the Client SSL
certificates for client authentication, Server SSL certificates, S/MIME certificates, CA
certificates and Object-signing certificates.
Anti-phishing guideline:
The PHISHING is referred to the type of the cybercrime which comprises of the
activities where the targets are the users and then the users are contacted by the process of
electronic communication. The electronic communication that are applied are the email form
of communication, telephonic messages with links generated and are asked to open the link
and are then asked to share the private details of the users for accessing the links. The users
that share the private and sensitive data become prey to these attacks [12]. They are hacked
and all the information access are logged in by the attackers where they will be successful in
entering the server network of the organization and release malicious codes or receive
valuable information.
The three examples that shows the PHISHING characteristics area as follows,
Digital payment-based scams.
Finance-based phishing attacks.
Work-related phishing scams.
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
Instruction to the users and IT administrator to recognise and safely handle a
phishing attack:
Educating the member related to the organization like the students and
professors of the universities by training programs on PHISHING attacks.
They can be recognized by the email attachments and links that are demanding
the private information regularly.
Excess pop-up windows and advertisements.
Phone calls asking for sensitive information.
Fake system notifications.
Updating all the systems with latest firewalls.
Deploying SPAM filters that are able to detect the viruses.
Installation of updated antivirus system.
Deployment of web based filter.
Proper decryption and encryption of the organization’s data.
Conclusion:
The report successfully concludes about the importance of the cyber security in any
kind of organization for the safety of the critical assets of their organization. In the case
study, the Southern Cross University has implemented the BYOD policy which is prone to
the attacks and has created an open source for the attackers. The use of the Password based
authentication system has made the BYOD system more vulnerable and hence the
implementation of the Certificate based Authentication has been recommended with the
supporting data.
Instruction to the users and IT administrator to recognise and safely handle a
phishing attack:
Educating the member related to the organization like the students and
professors of the universities by training programs on PHISHING attacks.
They can be recognized by the email attachments and links that are demanding
the private information regularly.
Excess pop-up windows and advertisements.
Phone calls asking for sensitive information.
Fake system notifications.
Updating all the systems with latest firewalls.
Deploying SPAM filters that are able to detect the viruses.
Installation of updated antivirus system.
Deployment of web based filter.
Proper decryption and encryption of the organization’s data.
Conclusion:
The report successfully concludes about the importance of the cyber security in any
kind of organization for the safety of the critical assets of their organization. In the case
study, the Southern Cross University has implemented the BYOD policy which is prone to
the attacks and has created an open source for the attackers. The use of the Password based
authentication system has made the BYOD system more vulnerable and hence the
implementation of the Certificate based Authentication has been recommended with the
supporting data.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
References:
[1] Song, Y., 2014. “Bring Your Own Device (BYOD)” for seamless science inquiry in a
primary school. Computers & Education, 74, pp.50-60.
[2] Afreen, R., 2014. Bring your own device (BYOD) in higher education: opportunities and
challenges. International Journal of Emerging Trends & Technology in Computer
Science, 3(1), pp.233-236.
[3] Ghosh, A., Gajar, P.K. and Rai, S., 2013. Bring your own device (BYOD): Security risks
and mitigating strategies. Journal of Global Research in Computer Science, 4(4), pp.62-70.
[4] Disterer, G. and Kleiner, C., 2013. BYOD bring your own device. Procedia
Technology, 9, pp.43-53.
[5] Eslahi, M., Naseri, M.V., Hashim, H., Tahir, N.M. and Saad, E.H.M., 2014, April.
BYOD: Current state and security challenges. In 2014 IEEE Symposium on Computer
Applications and Industrial Electronics (ISCAIE) (pp. 189-192). IEEE.
[6] Hummen, R., Ziegeldorf, J.H., Shafagh, H., Raza, S. and Wehrle, K., 2013, April.
Towards viable certificate-based authentication for the internet of things. In Proceedings of
the 2nd ACM workshop on Hot topics on wireless network security and privacy (pp. 37-42).
ACM.
[7] Xue, K., Ma, C., Hong, P. and Ding, R., 2013. A temporal-credential-based mutual
authentication and key agreement scheme for wireless sensor networks. Journal of Network
and Computer Applications, 36(1), pp.316-323.
[8] Verma, U.K., Kumar, S. and Sinha, D., 2016, March. A secure and efficient certificate
based authentication protocol for MANET. In 2016 International Conference on Circuit,
Power and Computing Technologies (ICCPCT) (pp. 1-7). IEEE.
References:
[1] Song, Y., 2014. “Bring Your Own Device (BYOD)” for seamless science inquiry in a
primary school. Computers & Education, 74, pp.50-60.
[2] Afreen, R., 2014. Bring your own device (BYOD) in higher education: opportunities and
challenges. International Journal of Emerging Trends & Technology in Computer
Science, 3(1), pp.233-236.
[3] Ghosh, A., Gajar, P.K. and Rai, S., 2013. Bring your own device (BYOD): Security risks
and mitigating strategies. Journal of Global Research in Computer Science, 4(4), pp.62-70.
[4] Disterer, G. and Kleiner, C., 2013. BYOD bring your own device. Procedia
Technology, 9, pp.43-53.
[5] Eslahi, M., Naseri, M.V., Hashim, H., Tahir, N.M. and Saad, E.H.M., 2014, April.
BYOD: Current state and security challenges. In 2014 IEEE Symposium on Computer
Applications and Industrial Electronics (ISCAIE) (pp. 189-192). IEEE.
[6] Hummen, R., Ziegeldorf, J.H., Shafagh, H., Raza, S. and Wehrle, K., 2013, April.
Towards viable certificate-based authentication for the internet of things. In Proceedings of
the 2nd ACM workshop on Hot topics on wireless network security and privacy (pp. 37-42).
ACM.
[7] Xue, K., Ma, C., Hong, P. and Ding, R., 2013. A temporal-credential-based mutual
authentication and key agreement scheme for wireless sensor networks. Journal of Network
and Computer Applications, 36(1), pp.316-323.
[8] Verma, U.K., Kumar, S. and Sinha, D., 2016, March. A secure and efficient certificate
based authentication protocol for MANET. In 2016 International Conference on Circuit,
Power and Computing Technologies (ICCPCT) (pp. 1-7). IEEE.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
BYOD IMPLEMENTATION AND RSIK MANAGEMNT
[9] Toseef, U., Zaalouk, A., Rothe, T., Broadbent, M. and Pentikousis, K., 2014, September.
C-BAS: Certificate-based AAA for SDN experimental facilities. In 2014 Third European
Workshop on Software Defined Networks (pp. 91-96). IEEE.
[10] Khonji, M., Iraqi, Y. and Jones, A., 2013. Phishing detection: a literature survey. IEEE
Communications Surveys & Tutorials, 15(4), pp.2091-2121.
[11] Jansson, K. and von Solms, R., 2013. Phishing for phishing awareness. Behaviour &
information technology, 32(6), pp.584-593.
[12] Abdelhamid, N., Ayesh, A. and Thabtah, F., 2014. Phishing detection based associative
classification data mining. Expert Systems with Applications, 41(13), pp.5948-5959.
[9] Toseef, U., Zaalouk, A., Rothe, T., Broadbent, M. and Pentikousis, K., 2014, September.
C-BAS: Certificate-based AAA for SDN experimental facilities. In 2014 Third European
Workshop on Software Defined Networks (pp. 91-96). IEEE.
[10] Khonji, M., Iraqi, Y. and Jones, A., 2013. Phishing detection: a literature survey. IEEE
Communications Surveys & Tutorials, 15(4), pp.2091-2121.
[11] Jansson, K. and von Solms, R., 2013. Phishing for phishing awareness. Behaviour &
information technology, 32(6), pp.584-593.
[12] Abdelhamid, N., Ayesh, A. and Thabtah, F., 2014. Phishing detection based associative
classification data mining. Expert Systems with Applications, 41(13), pp.5948-5959.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.