Cybersecurity Report: BYOD Risks, Certificate Authentication, and Spam

Verified

Added on 2020/12/09

AI Summary

This report provides a comprehensive analysis of cybersecurity challenges, focusing on the risks associated with Bring Your Own Device (BYOD) policies within the context of Southern Cross University's information systems. It assesses the vulnerabilities introduced by BYOD and proposes a shift towards certificate-based authentication as a more secure method. The report details the working principles of certificate-based authentication, highlighting its advantages over password-based systems, such as enhanced data encryption and user verification. Furthermore, it addresses top cybersecurity threats, including spam, and outlines anti-spam measures. The report also includes a quantitative and qualitative risk assessment of the BYOD policy, and provides a conclusion summarizing the findings and offering recommendations for improving cybersecurity practices. This report is a valuable resource, and can be found on Desklib, a platform offering past papers and assignments for students.

CYBERSECURITY

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................1
Assessment of risk from Bring Your Own Device (BOYD) policy to university's information
system.........................................................................................................................................1
TASK 2............................................................................................................................................2
Working principle of the Certificate Based Authentication mechanism....................................2
TASK 3............................................................................................................................................3
Top Cybersecurity Threats and Anti-Spam................................................................................3
CONCLUSION...............................................................................................................................3
REFERENCES................................................................................................................................4

INTRODUCTION
Cybersecurity is one of the greatest challenges among all the internet users across world.
It is considered as the protection in which systems are protected against the unauthorised users.
This report will describe alteration of cyber policies by applying more secured authentications.
Study will also provide some measures for protecting systems from spamming activities. It will
include the risk assessment threats involved in cybercrimes as well.
TASK 1
Assessment of risk from Bring Your Own Device (BOYD) policy to university's information
system
Cybersecurity is a major area of concern which greatly influences the functioning of all
commercial enterprises. The university deals with a large amount of confidential data on a
regular basis. So, management of college need to focus towards the security concerns of this
huge information. Being a consultant of Southern Cross University, one has to be familiar with
the working policies of university (Dua and Du, 2016).
Critical components of university's information system are considered as tools and
practices which are required in identifying the threats of cybersecurity. Such components include
the physical security of information assets that support national and economic data. A
vulnerability assessment is used to identify the problems which may be responsible for exposure
of information and predicting the measures which prevent resources from attacks.
Since this entity uses password authentication security so, management has realised that
it is not an effective method to restrict unauthorised user to access information. This university is
using BYOD policy to protect the data from criminals. But recently, it was found that this policy
has raised great concerns for maintaining secured data. So, as a technical advisor of the college,
one has advised management to change this security policy with certificate based authentication
mechanism.
Change in the technological policies of this campus requires critical analysis in which
consultant has to implement strong plans to protect university from huge fraudulent activities
(Singer & Friedman, 2014). In recent days, password authentication system is proved to be
ineffective cybersecurity plan as it was found that information is accessible by many users and
1

some of them are found unauthenticated users of the particular data. So, there are following
quantitative and qualitative risk assessment approaches available such as:
Type of risk Frequency Frequency Total Frequency
Loss of
information
3 1 3 Moderate
Public disclosure 2 1 2 Acceptable
Installation of
antivirus
applications
3 2 6 High
Leakage of
private
information
3 1 3 Moderate
 This mechanism faces the basic challenges, that is, unsecured and loss of private
information.
 Public exposure is one of the greatest consequences found amongst all.
 Installation of various malicious applications promotes the criminal activities (Dua & Du,
2016). This will be helpful in stealing the confidential information.
 Loss of data and leakage of personal information are the basic disadvantages of using
BYOD policy.
TASK 2
Working principle of the Certificate Based Authentication mechanism
Working principle allows various users to securely access data and information through
exchange of digital certificate. Exchange of certificates help server in identifying the
authenticated user and it will prevent the cyberattacks. This policy provides more data security
as compared to other cybersecurity concerns. The working principle of Certificate based security
ensures the certified authorities to access the data as it unlocks the data using private key and
encrypts it (Massey, 2017). It helps in prevention of confidential data from various malicious
practices such as phishing and man-in-the-middle (MITM) attacks.
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Certificate based concept includes following pros like it is highly certified and provides access
of data to authorised users. It maintains the data in encrypted form and asks for private key to
unlock information. There are various cons included in certificate based concept like it requires
personal identity of user. Also, it is very costly method and it needs certified authority.
To overcome the threats of previous concept advisory consultant of Southern Cross
University is planning to apply strong cyber securities in order to build spam free management
entity (Hebert & et.al., 2017). There are many issues which can be resolved by using certificate
authentication. Such issues are as follows:
 It uses private key and certificate in identifying the user which is considered as the most
secured way among both. Whereas, password based authentication policy uses username
and password to provide access to users.
 Certificate authentication policy encrypts the private information whereas, password-
based authentication adopted by BYOD concept do not use encrypted form of data and it
seems ineffective in protecting data from cyberattacks.
 This provides certified authority to users while, on the other hand, password-based
authentication method is not certified and non-suitable cybersecurity for big enterprise
(Kruse & et.al. 2017).
 Under, certificate authentication policy, server asks for private key to unlock the security
while, in password concept, it is not mandatory to provide personal identification.
TASK 3
Top Cybersecurity Threats and Anti-Spam
Spam is basically an unwanted practice which is arrived by emails or any repeated
advertise while using internet. Spamming is a flow of electric mails which can bring virus in
systems. It might be cost free practice as it does not acquire any charge but if it contains virus
and junk emails which can harm the potential storage, it can be responsible for destruction of
confidential information. It may harm the potentialities of the system. This may also be
responsible for decreased speed of internet and it negatively affects the communication abilities
of users. However, it is not a lengthy or a difficult process but its consequences are more drastic
(Keller, 2016). These are referred as unsolicited email messages which can be transmitted
3

through various ways and then affects the computer system instantly (Federal Register of
Legislation, 2018).
Spam Act was introduced by the Australian parliament at 12th December 2003 which is
aimed at prohibiting the arrivals of such unsolicited emails (Gordon & et.al. 2015). This act has
passed various laws regarding the malicious practices which are frequently adopted by criminals
with the intention of stealing confidential and secured data. This act established a law against the
formulation of spam mails. These mails may be commercial or electronic.
These spams can be identified by their nature and unknown sender of mail. To eliminate
these cybersecurity threats, one has to identify the main virus affected file. After the appropriate
identification of suspicious file, receiver has to report the mail system security response.
Individual has to install various auto protect applications to avoid such types of malicious
practices which affect the security of information (Ventures, 2015). Infected systems can be
identified by various activities such as speed capacity of the computer. If virus anyhow enters in
the system through mail or any other sources then it frequently affects the system’s potentialities
to open files and folders. This threat can be harmful for the information as it mighty destroy the
secured information as a whole.
CONCLUSION
The above source of information has provided various measures to prevent the data from
cybercrimes. It had also focussed on the malicious practices which are adopted by criminals to
steal information. This study had also mentioned various security threats to cybersecurity like
spyware, phishing, hacking etc.
4

REFERENCES
Books and Journals
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What everyone needs to know. Oxford
University Press.
Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. Auerbach
Publications.
Massey, D. (2017, November). Applying Cybersecurity Challenges to Medical and Vehicular
Cyber Physical Systems. In Proceedings of the 2017 Workshop on Automated Decision
Making for Active Cyber Defense (pp. 39-39). ACM.
Hebert, A. J. & et.al. (2017). Lock_Out: A Cybersecurity MQP and Game.
Kruse, C. S. & et.al. (2017). Cybersecurity in healthcare: A systematic review of modern threats
and trends. Technology and Health Care.25(1). 1-10.
Keller, N. (2016). Commission on Enhancing National Cybersecurity.
Ventures, C. (2015). Cybersecurity market report. Accessed March. 5.
Gordon, L. A. & et.al. (2015). The impact of information sharing on cybersecurity
underinvestment: a real options perspective. Journal of Accounting and Public
Policy. 34(5). 509-519.
Online
Digital Business Requires Cybersecurity. 2018. [Online]. Available through:
<https://www.gartner.com/en/information-technology/insights/cybersecurity?
utm_source=cpc&utm_medium=google&utm_campaign=RM_GB_2018_ITL_CPC_SE
M1_RISK-MIT-CYBER-
SEC&gclid=EAIaIQobChMI9Zyy0tHY3QIVzDUrCh2yig5MEAAYASAAEgIKA_D_B
wE>.
Federal Register of Legislation. 2018. [Online]. Available
through:<https://www.legislation.gov.au/Details/C2016C00614>
5