CMP71001 Cybersecurity: Southern Cross University Security Report
Added on 2023/04/25
Report
Summary
This report assesses cybersecurity risks associated with Southern Cross University's Bring Your Own Device (BYOD) policy and recommends improvements. It evaluates the risks of BYOD, such as lack of password protection and data breaches, and suggests mitigation strategies like encryption and strong password policies. The report advocates for certificate-based authentication as a more secure alternative to password-based systems, detailing its working principles and advantages. Furthermore, it provides anti-phishing guidelines to protect against phishing attacks, including identifying fraudulent emails and implementing security measures. The report concludes by emphasizing the importance of firewalls and antivirus software for identifying and blocking spam and fraudulent emails.

Cyber security
CYBER SECURITY
Table of Contents
Introduction ................................................ 2
BYOD risk assessment ........................................ 2
Certificate-based Authentication ............................ 3
Anti-phishing guideline ..................................... 4
Conclusion .................................................. 6
References .................................................. 7
Introduction
Information security is a crucial concern for any organization, because security threats arise wherever security is lacking. Southern Cross University is facing security threats and attacks, and it has developed a Bring Your Own Device (BYOD) policy to control and manage the resulting security risks. The goal of this technical report is to analyse the security risks associated with the BYOD policy and to improve the security of Southern Cross University's data by adopting certificate-based authentication. The report is divided into three main tasks: a BYOD risk assessment, certificate-based authentication, and an anti-phishing guideline.
BYOD risk assessment
An organization's information system has many critical components, such as access control, security of information and data, management of the data centre, and configuration of the communication networks (Crossler et al. 2014). Among these, security of the data is one of the most critical, because the organization relies on internet connectivity, which brings threats and risks such as cyber-crime, phishing and malware. The BYOD policy may bring several threats and risks to the evaluated critical assets, such as no password protection, data breaches, unencrypted data and connections, and the risk of insecure use (Moyer 2013). The vulnerabilities behind these threats and risks are lack of security, use of unauthentic servers and networks, use of third-party applications, configuration conflicts and many more. Encryption, a strong password technique and cryptography are all good approaches to addressing the risks to the organization's information system. Encryption converts information into a coded form that cannot be accessed without the user's permission. A strong password system can be used because the organization currently uses a weak password system that attackers can easily break, so it can design and develop a stronger one. In order to control and monitor the risks associated with the BYOD policy, the organization can adopt cryptography technology, which has the potential to detect and identify viruses and traffic signals from the server.
It is observed that employees of the organization do not protect and secure their private details, which increases the rate of cyber-crime. Even when they do, they use simple passwords for convenience, which is associated with malware and data breach issues. Criminals have developed numerous malware applications to access and detect the private details of users' networks; when employees access their accounts through such applications, the hacking and data breach issues facing the organization's information system increase. Lack of security and the use of unauthentic servers are both common problems for the organization, and the BYOD policy involves fewer security techniques and tools, which hackers can easily break. Interviews, data and information owners, review of documentation and other employees can all be used to collect the information needed to assess the risks and threats. The following steps and methods can be used to assess the risk to the company's information systems:
- Identify all the valuable assets across the company which could be harmed by risks and threats.
- Evaluate the potential consequences.
- Determine the threats and their level.
- Find the vulnerabilities that increase the risks and threats, and assess the likelihood of their exploitation.
- Design and implement the risk management plan with the help of the collected data and information.
Certificate-based Authentication
According to the given scenario, Southern Cross University uses a simple password-based process to control and monitor consumers' access to the organization's information system. The analysis shows that the password-based system is a very old security technique that attackers can defeat with the help of malicious software and botnets. Mainly, hackers send unwanted signals and unauthentic networks to consumers, by which users lose the details of their accounts and hackers enter their servers. To avoid such issues, it is suggested that the organization adopt certificate-based authentication for both consumer and device authentication.
Certificate-based authentication is defined as the use of a digital certificate to determine and identify a consumer, machine or system before granting access to a resource, server or network (Hummen et al. 2013). In the case of consumer authentication, this technique is often deployed in coordination with current techniques such as user name and password. The major difference between this technology and the password-based system is that it uses both biometric and one-time password systems rather than an app lock and password, which increases the security of the data. The working principle of certificate-based authentication is simple, and it is more flexible than the password-based system. First, the user provides their details, such as name and mobile number for verification, and face detection for biometric recognition (Chaurasia & Verma 2011).
Mainly, the certificate is issued and signed by a trusted certificate authority (CA), and its verification is divided into two main parts. First, the certificate must have been signed correctly, and second, the signing CA's public key must be in the trusted certificate store that is used for the authentication process in the organization (Xue et al. 2013). If a consumer provides a certificate which has not been signed by the CA, that consumer's authentication fails. After that, the consumer's information is entered into the database and matched against their certified document, and for configuration a one-time password system is used, which increases the security of the system and its information. In the end, the server uses the certificate and the evidence to authenticate the consumer's identity.
Southern Cross University can adopt this technology because it is more secure and advanced than the password system and it has the ability to enhance the security of data and information. With certificate-based authentication, consumers and the organization can reduce the rate of risks and threats associated with the BYOD policy, whereas the password-based system is less secure and cannot reduce these security risks. Moreover, hackers can easily detect and access the system's passwords, but they cannot break the security of certificate-based authentication, for which they would require the user's biometric face, finger and eye recognition and OTP to access the user's data.
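As an added illustration that is not part of the original report, the two verification checks described above (the certificate must be correctly signed, and the signing CA must be in the trusted store) and the final "evidence" step can be shown in working Go code. The program below builds a constructed test PKI, issues a certificate to a student from a university CA, and has the server verify the chain and then demand proof that the client holds the matching private key by signing a server nonce; the CA names, the user "student01", the nonce and the choice of a signed nonce as the evidence are all assumptions made for this example.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must panics on error: this is a constructed demo PKI, not production issuance code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// template builds a CA that may sign certificates, or a user cert limited to client auth.
func template(name string, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue returns a fresh key pair and a certificate for tmpl signed by parent; a nil parent means self-signed (root CA).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// signChallenge (client side): prove possession of the private key by signing the server's nonce.
func signChallenge(key *ecdsa.PrivateKey, nonce []byte) []byte {
	d := sha256.Sum256(nonce)
	return must(ecdsa.SignASN1(rand.Reader, key, d[:]))
}

// Authenticate (server side) applies the report's two checks: the certificate must chain to a CA
// in the trusted store, and the signed nonce must verify under its public key (proof of possession).
func Authenticate(trusted *x509.CertPool, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not signed by a trusted CA: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	d := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return "", errors.New("challenge signature invalid: no proof of private key")
	}
	return cert.Subject.CommonName, nil
}

// Demo: a genuine login, then a certificate from a CA outside the trusted store, then a genuine
// certificate presented by someone who lacks its private key (a copied certificate alone).
func Demo() (user string, rogueRejected, stolenRejected bool) {
	ca, caKey := issue(template("SCU Test CA", true), nil, nil)
	rogue, rogueKey := issue(template("Rogue CA", true), nil, nil)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // only the university CA is in the trusted store
	good, goodKey := issue(template("student01", false), ca, caKey)
	bad, badKey := issue(template("student01", false), rogue, rogueKey)
	nonce := []byte("constructed nonce; a real server draws a fresh random one per login")
	user, _ = Authenticate(trusted, good, nonce, signChallenge(goodKey, nonce))
	_, err := Authenticate(trusted, bad, nonce, signChallenge(badKey, nonce))
	rogueRejected = err != nil
	_, err = Authenticate(trusted, good, nonce, signChallenge(badKey, nonce)) // wrong key
	stolenRejected = err != nil
	return
}
```

The third case is the one a password system cannot offer: even a stolen copy of the certificate is useless without the private key, because the nonce signature fails.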
Anti-phishing guideline
Phishing is a cyber threat and one of the common threats faced by Southern Cross University. Mainly, it is a form of identity theft that starts with email, where hackers send spam and fraudulent emails to obtain personal information such as bank account details, user IDs, debit and credit card numbers and financial documents (Black 2005). Hackers use malicious software to generate fraudulent and unwanted links, which they send to consumers through email; users click on those links and thereby lose their private details and information (Hong 2012). A phishing attack has many characteristics, including the following:
- A phishing attack mainly appears as an important notice with a deceptive subject line that entices the recipient to believe the email has come from a trusted website or source, so they open it and fall victim to the phishing (APWG 2018).
- Sometimes this type of attack contains messages which sound attractive rather than threatening, for example promising the consumer a prize or reward.
- Mainly it involves a forged sender's address for the company, making the message appear as if it comes from the company it claims to be from.
- Such an attack contains hyperlinks which take the consumer to a fraudulent website instead of the genuine link that is displayed.
Fraudulent and spam email is considered phishing because hackers mainly use email to communicate with consumers and enter their networks and devices (Prakash et al. 2010). There are many real examples of phishing attacks, such as malicious emails sent from MailChimp accounts, GDPR-related phishing scams, and the WhatsApp phishing attack.
There are many steps and instructions that consumers can use to recognize and handle a phishing attack, which are the following:
- Identify the fraudulent and spam links and emails that hackers send over the networks.
- If a consumer receives an unwanted link or a reward link, block it immediately, because these are part of a phishing attack.
- To handle a phishing attack, consumers can turn on security tools and identify the spam emails in their email accounts (Herzberg & Jbara 2008).
- Look at, but do not click on, traffic signals and fake links.
- Do not give personal information or access to third-party applications.
- Do not trust the header of the email address.
There are several steps and methods that the IT administrator can use to minimize phishing threats, which are the following:
- Use only authentic servers and networks.
- Do not click on fraudulent links and websites.
- Install an anti-phishing tool.
- Check emails on a regular basis and block the spam emails.
- Turn on two-step verification.
- Use a firewall and antivirus software to protect data and information.
- Never allow personal information into a third-party application.
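The characteristics listed in this guideline can be turned into a simple screening check, shown here as an added example that is not part of the original report. The Go program below parses a constructed sample email and flags three of the traits described above: a display name that claims the university while the sender's domain is elsewhere, bait or pressure wording in the subject, and a link whose visible text names the genuine site while its href points to a different host; the domain scu.edu.au, the brand string, the bait word list and the sample message are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"net/url"
	"regexp"
	"strings"
)

// sampleEmail is a constructed message carrying the traits the guideline lists: a
// pressuring subject with prize bait, a display name that claims the university while
// the address domain is elsewhere, and a link whose visible text names the real site.
const sampleEmail = `From: "Southern Cross University IT" <helpdesk@scu-login-portal.example>
To: student@scu.edu.au
Subject: URGENT: you have won a $500 reward - verify your account today
Content-Type: text/html

<p>Your mailbox will be closed unless you verify now.</p>
<p><a href="http://scu-login-portal.example/verify">https://www.scu.edu.au/login</a></p>
`

var (
	// anchorRe captures the href and the visible text of each HTML link.
	anchorRe = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
	// baitWords is a small, crude substring list; a real filter would use a tuned model.
	baitWords = []string{"won", "prize", "reward", "urgent", "verify your account"}
)

// mailDomain returns the lower-cased domain of the address in a From header value.
func mailDomain(header string) string {
	addr, err := mail.ParseAddress(header)
	if err != nil {
		return ""
	}
	return strings.ToLower(addr.Address[strings.LastIndex(addr.Address, "@")+1:])
}

// urlHost returns the lower-cased host of a URL, or "" when the text is not a URL.
func urlHost(s string) string {
	u, err := url.Parse(strings.TrimSpace(s))
	if err != nil || u.Host == "" {
		return ""
	}
	return strings.ToLower(u.Hostname())
}

// ScreenEmail parses a raw RFC 5322 message and returns one finding per phishing trait
// it detects (an empty result means nothing suspicious). trustedDomain is the
// organisation's own mail domain; brand is the name an impersonator would put in the display name.
func ScreenEmail(raw, trustedDomain, brand string) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	body, _ := io.ReadAll(msg.Body) // an in-memory reader cannot fail here
	var findings []string
	from := msg.Header.Get("From")
	fromDom := mailDomain(from)
	// Forged sender: the display name claims the organisation but the domain is not ours.
	if fromDom != trustedDomain && strings.Contains(strings.ToLower(from), strings.ToLower(brand)) {
		findings = append(findings, fmt.Sprintf("display name claims %q but sender domain is %s", brand, fromDom))
	}
	subject := strings.ToLower(msg.Header.Get("Subject"))
	for _, w := range baitWords {
		if strings.Contains(subject, w) {
			findings = append(findings, fmt.Sprintf("subject uses bait or pressure wording: %q", w))
			break // one finding for the subject is enough
		}
	}
	// Deceptive links: visible text shows one site, href goes to another.
	for _, m := range anchorRe.FindAllStringSubmatch(string(body), -1) {
		if shown, href := urlHost(m[2]), urlHost(m[1]); shown != "" && shown != href {
			findings = append(findings, fmt.Sprintf("link text shows %s but points to %s", shown, href))
		}
	}
	return findings, nil
}

// Demo screens the constructed sample against the assumed university domain and brand.
func Demo() ([]string, error) {
	return ScreenEmail(sampleEmail, "scu.edu.au", "Southern Cross University")
}
```

A message from the university's own domain with a link whose text and href agree produces no findings, so the check separates the traits above from ordinary mail rather than flagging everything.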
Conclusion
This report is based entirely on cyber-security threats and risks, and readers can enhance their skills and experience in the field of cyber-security. Southern Cross University is using a password-based system which is not very secure, so it can adopt certificate-based authentication instead. This report described the risks associated with the BYOD policy, certificate-based authentication with its principle, and anti-phishing guidelines. The organization should adopt a firewall and antivirus software to identify spam and fraudulent mail from the server.
References
APWG, 2018, How to Avoid Phishing Scams, Premium members, United States, viewed 30 January 2019, https://www.antiphishing.org/resources/overview/avoid-phishing-scams
Black, P., 2005, ‘Phish to fry: responding to the phishing problem’, JL Inf. & Sci., vol. 16, p. 73.
Chaurasia, B.K. and Verma, S., 2011, ‘Infrastructure based authentication in VANETs’, International Journal of Multimedia and Ubiquitous Engineering, vol. 6, no. 2, pp. 41-54.
Crossler, R.E., Long, J.H., Loraas, T.M. and Trinkle, B.S., 2014, ‘Understanding compliance with bringing your own device policies utilizing protection motivation theory: Bridging the intention-behavior gap’, Journal of Information Systems, vol. 28, no. 1, pp. 209-226.
Herzberg, A. and Jbara, A., 2008, ‘Security and identification indicators for browsers against spoofing and phishing attacks’, ACM Transactions on Internet Technology (TOIT), vol. 8, no. 4, p. 16.
Hong, J., 2012, ‘The state of phishing attacks’, Communications of the ACM, vol. 55, no. 1, pp. 74-81.
Hummen, R., Ziegeldorf, J.H., Shafagh, H., Raza, S. and Wehrle, K., 2013, ‘Towards viable certificate-based authentication for the internet of things’, in Proceedings of the 2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy, vol. 12, no. 2, pp. 37-42.
Moyer, J.E., 2013, ‘Managing mobile devices in hospitals: A literature review of BYOD policies and usage’, Journal of Hospital Librarianship, vol. 13, no. 3, pp. 197-208.
Prakash, P., Kumar, M., Kompella, R.R. and Gupta, M., 2010, ‘Phishnet: predictive blacklisting to detect phishing attacks’, in INFOCOM, 2010 Proceedings IEEE, vol. 12, no. 2, pp. 1-5, IEEE.
Xue, K., Ma, C., Hong, P. and Ding, R., 2013, ‘A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks’, Journal of Network and Computer Applications, vol. 36, no. 1, pp. 316-323.