CMP71001 Security Consultation Report: Risk Assessment and Mitigation

Added on 2022/10/11
Running head: SECURITY CONSULTATION
SECURITY CONSULTATION
Name of the Student:
Name of the University:
Author note:
Task 1:
Technological evolution in industry has introduced a new element into business: the information system, which is responsible for the organisation and collection of data. The main components of an information system are computer hardware, computer software, telecommunications, databases and data warehouses, and lastly human resources and procedures. Hardware and software are the basic requirements, whereas telecommunications are required to establish connectivity within the organisation. The next component of the information system is the databases and the warehouses (Peltier, 2016). The databases store all the relevant information regarding the system, software, resources and requirements of the organisation, whereas the data is analysed with the help of the data warehouses, which pool all the important information together. Lastly and most importantly, human resources and procedures are the component that runs the entire information system, following defined procedures.
BYOD stands for Bring Your Own Device. Nowadays, in order to increase profit, organisations have increased the use of mobile devices in their systems. Employees are often asked to use their personal devices in order to work efficiently (Bratthall Tideman and Lindström, 2018). But there are certain risks that have to be considered when using BYOD in an organisation. The risks are given below:
Data leakage: The risk of data leakage looms large due to the use of personal devices. Employees may use their personal mail accounts, or the device may be stolen, releasing the data to the world (Lin and Lin, 2017). At times personal devices may carry malware, so that the integrity of the data may be compromised.
Management deficit: once the person owning the device is outside the organisational premises, the company's control over that employee's device is lost.
Device infection: Often applications are downloaded and installed without reading the app's terms and conditions. Such applications are capable of scanning the device without the user's knowledge. Hence the privacy of the business data is at stake because of the infected device (Ratchford, 2018).
Poor policies: Organisations are keen on BYOD, but their policies are often weak and lead to major issues in the information system. HIPAA and PCI DSS requirements must be complied with by the BYOD services, or they should not be implemented at all (Savchenko, 2015).
Mixing up personal and professional information: the mobile devices used in the organisation, especially smartphones and tablets, are often also used for the personal purposes of the user. Business information and personal data get mixed up, and the chances of data being misplaced are high in such cases. Moreover, personal devices are often used by more than one person, in which case the security and confidentiality of the data is at risk (Teixeira, Sou, Sandberg and Johansson, 2015).
Mitigation of the risk:
The risks that arise can, however, be mitigated or at least reduced by implementing certain measures.
To prevent data leakage in the system, mobile device management is the best policy. In case a device is misplaced, remote wiping of the data must be implemented on every device. Storing all of the data in company-certified cloud storage improves the security of the data, the system and the device in use. VPNs can be used to ensure further security for the data.
File monitoring for maintaining the integrity of the data operates at kernel level. The IT department is notified as soon as any malware is detected on the device. This allows the organisation to take action before the network suffers the impact. MDM, or Mobile Device Management, can gain control of the entire device from a remote location, and the optimal level of control can be ensured with the assistance of the IT department (Laudon and Laudon, 2016). With the correct tools and technologies, BYOD security can be ensured. Moreover, the use of organisation-owned devices is considered to be the safest option.
Task 2:
The scheme of using public key cryptography in order to keep information safe from attackers is known as certificate authentication. These certificates are generated digitally, so they are also termed digital certificates, and they are used to authenticate the user. When a particular user signs in to the server, the digital certificate containing the public key has to be presented along with the authorised signature (Wei, 2016). The validity of the certificate is then confirmed by the server, and on that basis the user's possession of the private key matching that public key is determined; access is then either granted or denied according to the outcome.
The certificate authentication process is a complicated process and is used by companies in order to protect their data from cyber-attacks. The traditional password login system is now vulnerable and can easily be broken by attackers with the help of brute force attacks. The passwords used by users are often predictable and can be retrieved from the server, which makes them vulnerable to hackers (Bahr, 2018). On the other hand, certificate authentication has several advantages over password authentication. The authentication credentials are revoked centrally, user access to the servers can be controlled, and they are even stronger than public key cryptography alone. With the implementation of a BYOD policy, the reduction in cost for IT devices can benefit the company, as employees work on their personal devices. Employee satisfaction is attained with the use of BYOD (Tu, Adkins and Zhao, 2019). The use of cutting-edge technology in the workplace helps the company to explore diverse technologies. Though there are certain issues in BYOD policies, the positive aspects of the policies cannot be completely overlooked.
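As an added illustration of the sign-in flow described in Task 2 (this is example code written for this page, not code from the report or from any product it cites), the Go program below sets up a small certificate authority, issues user certificates, and has a server run the checks the text names: validation of the certificate against the trusted CA, central revocation, and proof that the presenter holds the private key matching the certificate's public key. The possession check is done with a server-issued random nonce that the client signs, which is one common way to do it and is an assumption here rather than something the report specifies. All names (Example Org Root CA, Unrelated CA, alice, bob) and the revocation list are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is a certificate plus the private key that only its holder keeps.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue generates a P-256 key pair and a certificate for it: a self-signed root CA
// when parent is nil, otherwise a client-authentication certificate signed by parent.
func issue(parent *Identity, name string, serial int64) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent CA is given
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
	} else {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.ExtKeyUsage = true, true, nil
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// mustIssue wraps issue for demo setup, where a failure is a programming error.
func mustIssue(parent *Identity, name string, serial int64) *Identity {
	id, err := issue(parent, name, serial)
	if err != nil {
		panic(err)
	}
	return id
}

// Server trusts one CA and records the serial numbers it has revoked centrally.
type Server struct {
	roots   *x509.CertPool
	revoked map[string]bool
}

// Authenticate checks the chain to a trusted CA, the revocation list, and a signature
// over the server's fresh nonce, which proves possession of the matching private key.
func (s *Server) Authenticate(cert *x509.Certificate, nonce, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: s.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	if s.revoked[cert.SerialNumber.String()] {
		return "", errors.New("certificate revoked")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("proof of possession failed")
	}
	return cert.Subject.CommonName, nil
}

// attempt is one sign-in round: the server draws a random nonce, the client signs its
// hash with key, and the server verifies that signature against cert.
func attempt(srv *Server, cert *x509.Certificate, key *ecdsa.PrivateKey) (string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	return srv.Authenticate(cert, nonce, sig)
}

// Scenario runs one valid sign-in and three the server must reject. It returns the
// accepted user and the four attempt errors: errs[0] nil, errs[1..3] non-nil.
func Scenario() (string, [4]error) {
	ca := mustIssue(nil, "Example Org Root CA", 1) // constructed names, not real entities
	alice, bob := mustIssue(ca, "alice", 100), mustIssue(ca, "bob", 101)
	lookalike := mustIssue(mustIssue(nil, "Unrelated CA", 1), "alice", 200)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Cert)
	srv := &Server{roots: pool, revoked: map[string]bool{}}

	var user string
	var errs [4]error
	user, errs[0] = attempt(srv, alice.Cert, alice.Key)      // valid certificate and key
	srv.revoked[bob.Cert.SerialNumber.String()] = true        // central revocation, no user action
	_, errs[1] = attempt(srv, bob.Cert, bob.Key)             // revoked
	_, errs[2] = attempt(srv, lookalike.Cert, lookalike.Key) // same name, untrusted issuer
	_, errs[3] = attempt(srv, alice.Cert, lookalike.Key)     // public certificate without its key
	return user, errs
}

func main() {
	user, errs := Scenario()
	fmt.Println("accepted:", user)
	for _, e := range errs[1:] {
		fmt.Println("rejected:", e)
	}
}
```

The last attempt is the one that separates this scheme from a password: a certificate is public data, so merely presenting it proves nothing, and the server only grants access when the signature over its nonce verifies under the certificate's public key. Revocation, by contrast, needs no action from the user at all; the server simply stops accepting the serial number.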
Task 3:
Phishing is basically a method of identity theft that is carried out by setting up a fraudulent website. A hacker can use the fraudulent website, which on the surface can appear similar to the legitimate website. Southern Cross University has recognised phishing as one of the developments of the digital revolution that can be dangerous for the organisation. Phishing is basically a cybercrime in which targets are contacted by phone, email or instant message by somebody posing as a legitimate institution, in order to lure people into giving sensitive information such as Visa card details and passwords. The organisation has to use certificate-based authentication instead of password-based authentication, since it gives several advantages over verification by a combination of secret words (Ratchford, 2018). The traditional password login system is now vulnerable and can easily be broken by attackers with the help of brute force attacks. The passwords used by users are often predictable and can be retrieved from the server, which makes them vulnerable to hackers (Bahr, 2018). The principal contrast between them is that password-based authentication depends on credentials that are defined initially and managed by the user, whereas certificate-based authentication uses secrets that are issued and controlled by the server. Password-based authentication uses a username and password to verify users, whereas certificate-based authentication uses a carefully created digital certificate for the verification process.
The major highlights of phishing include the following:
Requests for personal information. The majority of organisations do not ask their customers to provide private information through messages.
A pressing need to act is conveyed in the majority of phishing messages.
Phishing messages typically open without the customer's name.
Phishing messages can sometimes contain links that carry malware.
Bad spelling and grammar: there is a good chance that phishing messages contain spelling mistakes and poor sentence structure.
The user should use a good antivirus product.
The user should use the spam filtering of the email provider.
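The indicators listed above can be turned into a simple triage check. The following Go program is an added example, not part of the report: it scans a message body for a generic greeting, pressure to act quickly, a request for private information, and a link whose visible text names a different host than its destination, and returns the indicators it matched. The two sample messages, the keyword lists and the two-indicator threshold are constructed for the demo; spelling and grammar quality, which the list also mentions, is not checked here because it would need a dictionary.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Each pattern corresponds to one phishing trait from the list; keyword sets are constructed.
var (
	genericGreeting = regexp.MustCompile(`(?i)^\s*dear\s+(customer|user|member|client|account holder)\b`)
	urgency         = regexp.MustCompile(`(?i)\b(immediately|within \d+ hours|urgent|suspended|will be (closed|locked))\b`)
	credentialAsk   = regexp.MustCompile(`(?i)\b(password|card number|cvv|verify your (account|identity))\b`)
	anchorTag       = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
	hostLike        = regexp.MustCompile(`(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b`)
)

// hostOf returns the lowercase host of a URL, or "" when it cannot be parsed.
func hostOf(raw string) string {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return ""
	}
	return strings.ToLower(u.Hostname())
}

// Analyse applies the heuristics to one message body (plain text or simple HTML)
// and returns the names of the indicators found, in a fixed order.
func Analyse(body string) []string {
	var found []string
	if genericGreeting.MatchString(body) {
		found = append(found, "generic greeting instead of the customer's name")
	}
	if urgency.MatchString(body) {
		found = append(found, "pressure to act immediately")
	}
	if credentialAsk.MatchString(body) {
		found = append(found, "asks for private information")
	}
	// A link whose visible text names one site while the href points somewhere else.
	for _, m := range anchorTag.FindAllStringSubmatch(body, -1) {
		shown := strings.ToLower(hostLike.FindString(m[2]))
		target := hostOf(m[1])
		if shown != "" && target != "" && shown != target && !strings.HasSuffix(shown, "."+target) {
			found = append(found, "link text hides a different destination")
			break
		}
	}
	return found
}

// Verdict applies a simple policy: two or more indicators is enough to hold the
// message for a human look. The threshold is a constructed choice, not a standard.
func Verdict(body string) string {
	if len(Analyse(body)) >= 2 {
		return "quarantine"
	}
	return "deliver"
}

// Constructed sample messages for the demo; no real organisation or address.
const (
	phishingSample = `Dear Customer,

Your account has been suspended. Verify your account within 24 hours or it
will be closed. Sign in at <a href="http://login-check.example.net/x">www.example-bank.com</a>
and confirm your password and card number.`

	benignSample = `Hi Alice,

Thanks for your order. Your invoice is attached for your records. See
<a href="https://shop.example.com/orders/42">shop.example.com</a> for the delivery status.`
)

func main() {
	for name, body := range map[string]string{"phishing": phishingSample, "benign": benignSample} {
		fmt.Printf("%s -> %s %v\n", name, Verdict(body), Analyse(body))
	}
}
```

The link check is the most useful of the four in practice, because it does not depend on wording: it compares the host a reader believes they are visiting with the host the message actually sends them to. The keyword patterns are deliberately conservative, so the program reports the reasons for a verdict rather than a bare score, which is what a reviewer handling a quarantined message wants to see.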
References:
Bahr, N.J., 2018. System safety engineering and risk assessment: a practical approach. CRC Press.
Bratthall Tideman, J. and Lindström, J., 2018. Key components when utilising BYOD within organisations: A framework for developing the BYOD policy.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.
Lin, Y.C. and Lin, K.S., 2017. Exploring Factors Influencing BYOD Use. Transylvanian Review, 1(8).
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Ratchford, M.M., 2018. BYOD: A Security Policy Evaluation Model. In Information Technology - New Generations (pp. 215-220). Springer, Cham.
Savchenko, V.A., 2015. Bring Your Own Device Policy and Wi-Fi Technology for Military Educational Organization. Modern Information Technologies in the Sphere of Security and Defence, 2(23), pp.124-130.
Teixeira, A., Sou, K.C., Sandberg, H. and Johansson, K.H., 2015. Secure control systems: A quantitative risk management approach. IEEE Control Systems Magazine, 35(1), pp.24-45.
Tu, C.Z., Adkins, J. and Zhao, G.Y., 2019. Complying with BYOD Security Policies: A Moderation Model Based on Protection Motivation Theory. Journal of the Midwest Association for Information Systems, 2019(1), p.11.
Wei, J., 2016. Contributions to privacy-preserving digital signatures and their applications.