You are hired by Southern Cross University as a cybersecurity consultant to work on a security program to address the contemporary and emerging risks from the cyber threats the university is facing. Your tasks are the following:
Task 1: The university is currently using a password-based authentication system to control user access to the university's information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the university has raised some security concerns. As a security consultant, assess the risk from the BYOD policy to the university's information system.
Task 2: After assessing the risk from the BYOD policy, you suggest that the university replace the current password-based authentication scheme with Certificate-Based Authentication. To justify your suggestion, write a technical report to explain the working principle of the Certificate-Based Authentication mechanism and discuss why the university should use the mechanism in this case by comparing it with the password-based authentication mechanism. Use figures when necessary to support your answers.
Task 3: You have identified that spamming is among the top cybersecurity threats facing the university. Use the Spam Act 2003 and available online resources to develop a guideline for the university students and staff to combat the threat. The guideline will include the following.
An information system is a combination of software, hardware and telecommunications that people build and use to collect, create and distribute useful data, mostly in organizational settings (Elliott 2018).
Many organizations use data classification schemes such as internal and public data. Classification of components must be specific enough to allow determination of priority levels. Categories must be mutually exclusive, that is to say, an asset must belong to only one category (Bello, Murray & Armarego 2017).
Coming up with questions helps develop the criteria for asset valuation, such as which information asset is:
Information assets are prioritized by creating a weighting for each category based on the answers to the questions. Calculate the relative importance of each asset using weighted factor analysis, then list the assets in order of importance using a weighted factor analysis worksheet.
From the worksheet, customer order through SSL is the most valuable asset based on the weighted sums of the assets.
A BYOD policy is a set of rules that govern the level of support an organization's IT department provides for employee-owned smartphones and tablets. A BYOD policy begins with a preamble, which states the purpose of the policy and highlights the responsibilities of the students and the staff. The policy also gives background information regarding BYOD and sets out its objectives and its scope, that is, the people it will involve. The second part of the BYOD policy covers actions. This involves the actions of every individual, from the students to the staff at the university, and some of the actions come with conditions. The third part covers acceptable equipment and communication use, which clarifies the devices that may be brought and those that are prohibited. Under this part the policy also states that there will be no plagiarizing of intellectual property or infringement of copyright, and clearly states the ethical behavior to be complied with by all users of the devices, including the students and the university staff.
A threat-vulnerability-asset (TVA) worksheet combines prioritized lists of assets and threats: the list of assets is placed along the x-axis, while the list of threats is placed along the y-axis with the most dangerous threats at the top.
From the worksheet, asset 1 is vulnerable to threat 1. It is clear that the vulnerability of each asset to the threats posed is higher when more devices under BYOD are used to access the university information system, which poses a big problem for the security of information in the system.
Certificate-based authentication is the use of a digital certificate to identify a user, machine, or device before allowing access to a resource or a network (Kawan et al. 2017). In the case of user authentication, it is deployed in coordination with traditional methods of authentication such as password authentication (Bratthall Tideman & Lindström 2018).
One of the disadvantages is that certificate-based authentication requires a public key infrastructure, which can increase the cost of initial deployment in some cases (Hafeez 2018).
Another disadvantage is that certificate-based authentication is not infallible. Hackers can target the authorities that issue digital certificates in order to manipulate certificate data. Consequently, hackers can create websites or send emails that appear genuine and pass certificate checks but are nevertheless fraudulent, because the certificate authority has been compromised (Cho & Ip 2018).
Certificate-based authentication can occur on two sides: authentication of a server or authentication of a client. To authenticate a client, the client needs a certificate issued by a certificate authority that the server trusts; to authenticate a server, the server needs a certificate that bears its hostname and is issued by a certificate authority that the client trusts (Dashti & Radomirović 2017).
Differences between certificate based authentication and password based authentication.
Users are prone to forget their passwords, since passwords depend on the part of the user that is least reliable when handling security: the human brain. Password strength might be improved by mandatory rules, but users see those rules as a burden and tend to forget the required format of the password, that is, at least eight characters with at least one uppercase and one lowercase letter. By contrast, user certificates imply a storage system which is secure and is handled better than a chosen password (Hammad & Faith 2017).
Certificates use asymmetric cryptography: the certificate is issued by a certification authority, which vouches for the link between a physical identity and a cryptographic public key. The verifier may be a separate entity that can check that link and then use it to authenticate the user without gaining the ability to impersonate the user. With a password, by contrast, whoever verifies the password learns the password at some point. In addition, passwords are prone to phishing attacks whereas certificates are not, because of this asymmetry (Herrera, Ron & Rabadão 2017).
Certificates are complex and therefore expensive: issuing and managing certificates is full of problems, as any PKI vendor can attest. PKI is about 5% cryptography and 95% procedures, which shows it can be done but not cheaply. Also, average users can learn to use client certificates for an HTTPS connection to a website, but at the cost of learning to ignore the occasional warning popup, which makes them more vulnerable to some attacks. On the other hand, password-based authentication is easy to integrate everywhere and does not involve incompressible extra costs (Kaliski, Sheth & Shyamsunder 2018).
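The client-authentication flow and the asymmetry argument above can be traced in a short added example (not part of the original report). It uses textbook RSA with small constructed keys purely for illustration; the function names, the subject strings and the key sizes are assumptions, and a real deployment would use X.509 certificates over TLS.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Toy RSA key from two known primes: returns (n, d). Not a secure size."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, n: int, d: int) -> int:
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == digest(data, n)

# Constructed keys built from Mersenne primes (illustration only).
CA_N, CA_D = keypair(2**107 - 1, 2**61 - 1)
USER_N, USER_D = keypair(2**127 - 1, 2**89 - 1)

def issue_cert(subject: str, pub_n: int) -> dict:
    """The CA binds an identity to a public key by signing both together."""
    tbs = f"{subject}|{pub_n}".encode()
    return {"subject": subject, "pub_n": pub_n, "ca_sig": sign(tbs, CA_N, CA_D)}

def server_authenticate(cert: dict, nonce: bytes, proof: int) -> bool:
    """The verifier holds only CA_N: it checks the CA binding, then the
    client's signature over the server's fresh challenge."""
    tbs = f"{cert['subject']}|{cert['pub_n']}".encode()
    return verify(tbs, cert["ca_sig"], CA_N) and verify(nonce, proof, cert["pub_n"])

def demo() -> dict:
    cert = issue_cert("staff01@university.example", USER_N)
    nonce1 = secrets.token_bytes(16)        # server's fresh challenge
    proof1 = sign(nonce1, USER_N, USER_D)   # private key never leaves the client
    login = server_authenticate(cert, nonce1, proof1)
    # Everything a verifier (or phishing site) saw is useless for a new challenge.
    replay = server_authenticate(cert, secrets.token_bytes(16), proof1)
    # Altering the identity breaks the CA signature, so the binding check fails.
    forged = dict(cert, subject="admin@university.example")
    tampered = server_authenticate(forged, nonce1, proof1)
    return {"login": login, "replay": replay, "tampered": tampered}
```

A password verifier, by contrast, receives the secret itself on every login, so whatever it captures can be replayed elsewhere.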
Spam is known as the sending of unsolicited commercial electronic messages by SMS, email, MMS or instant messaging (Spam Act 2003).
Bacalao, E.J., Greene, G.J., Beaumont, J.L., Eisenstein, A., Muftic, A., Mandelin, A.M., Cella, D. and Ruderman, E.M., 2017. Standardizing and personalizing the treat to target (T2T) approach for rheumatoid arthritis using the Patient-Reported Outcomes Measurement Information System (PROMIS): baseline findings on patient-centered treatment priorities. Clinical rheumatology, 36(8), pp.1729-1736.
Bello, A.G., Murray, D. and Armarego, J., 2017. A systematic approach to investigating how information security and privacy can be achieved in BYOD environments. Information & Computer Security, 25(4), pp.475-492.
Bratthall Tideman, J. and Lindström, J., 2018. Key components when utilising BYOD within organisations-A framework for developing the BYOD policy.
Bucher, T., 2018. Cleavage-Control: Stories of Algorithmic Culture and Power in the Case of the YouTube “Reply Girls”. In A Networked Self and Platforms, Stories, Connections (pp. 141-159). Routledge.
Cho, V. and Ip, W.H., 2018. A Study of BYOD adoption from the lens of threat and coping appraisal of its security policy. Enterprise Information Systems, 12(6), pp.659-673.
Dashti, M.T. and Radomirović, S., 2017. An Anti-pattern for Misuse Cases. In Computer Security (pp. 250-261). Springer, Cham.
Elliott, J., 2018. Using Mobile Technology for Formative Assessment in the Classroom. In Handbook of Research on Mobile Devices and Smart Gadgets in K-12 Education (pp. 308-320). IGI Global.
Hafeez, Z.U.N., 2018. An enhanced digital investigation approach for verification of an offence under Pakistan cyber crime law-2016. MCS.
Hammad, A. and Faith, P., Visa USA Inc, 2017. Location based authentication. U.S. Patent 9,721,250.
Herrera, A.V., Ron, M. and Rabadão, C., 2017, June. National cyber-security policies oriented to BYOD (bring your own device): Systematic review. In Information Systems and Technologies (CISTI), 2017 12th Iberian Conference on (pp. 1-4). IEEE.
Kaliski Jr, B.S., Sheth, S. and Shyamsunder, K., VeriSign Inc, 2018. Integrated dns service provider services using certificate-based authentication. U.S. Patent Application 15/251,497.
Kawan, J.C., Chu, R.K.H., Golvin, C. and Tompkins, P., Citicorp Credit Services Inc (USA), 2017. Method and system for controlling certificate based open payment transactions. U.S. Patent 9,607,292.