You are hired by the organisation selected in Ass1 (for example Southern Cross University) as a cybersecurity consultant to work on a security program that addresses the contemporary and emerging risks from the cyber threats the organisation is facing. Your tasks are the following:
Task 1: The organisation currently uses a password-based authentication system to control user access to its information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the organisation has raised some security concerns. As a security consultant, assess the risk from the BYOD policy to the organisation's information system.
Task 2: After assessing the risk from the BYOD policy, you suggest that the organisation replace the current password-based authentication scheme with certificate-based authentication for both device and user authentication. To justify your suggestion, write a technical report that explains the working principle of the certificate-based authentication mechanism and discusses why the organisation should use it in this case, comparing it with the password-based authentication mechanism. Use figures where necessary to support your answers.
Task 3: You have identified phishing as one of the top cybersecurity threats faced by the organisation. Use available online (e.g., Internet) resources to develop a guideline for the organisation's staff to combat the threat. The guideline will include the following:
Definition of phishing and its distinctive characteristics.
At least three (3) real examples showing the phishing characteristics.
An instruction to the users on how to recognise and safely handle a phishing attack.
An instruction to the IT administrator on how to minimise the phishing threat.
The BYOD Policy at Southern Cross University
Cyber security, a branch of information security, is defined as the methods and practices designed to protect data, mainly digital data, from unlawful access, deletion and modification (Shafqat and Masood 2016). This report focuses on the importance of cyber security for the selected organisation, Southern Cross University. First the major threats to the authentication system currently in use are discussed, then how to replace that system with a new certificate-based one, and lastly the major issues the organisation must address, with recommendations for averting them.
Southern Cross University is a renowned university in Australia. Each year a large volume of university information is stored in its database systems, so providing a secure information system is a major concern (Afreen 2014). The organisation currently uses a password-based authentication system to validate the access of its users. The Bring Your Own Device (BYOD) policy recently implemented by the organisation raises a number of security issues, and measures are therefore taken here to analyse these problems.
The age of digital information has brought new requirements to every organisation, whether a company, a university or any other body. The five critical components of the information system used in almost every university are computer hardware, software, databases, telecommunications, and human resources and processes. Identifying an organisation's critical assets is a significant part of providing security measures (Lee, Bagheri and Kao 2015). The major assets are generally identified through:
Ethical approval - including information related to research performance.
Legal protections - where data requirements are met through agreements.
Economic or strategic assessment - including facts that the organisation may not have recognised but has already researched.
The introduction of BYOD in an educational institution creates a new way of learning for students. The development of portable, lightweight devices and wireless communication systems has altered how people interact. Reports have shown that university students' use of computing devices for improved productivity and performance has increased. The BYOD policy implemented at the campus applies to all staff, employees and students who bring their personal equipment to work.
The BYOD policy of Southern Cross University refers to students who bring their own devices to the lecture hall to record sessions, participate in class surveys, take notes and record experimental data (Bertino 2016). The growing trend of BYOD has led to the adoption of M-learning among students, yet the policy faces major security issues. The vulnerabilities of BYOD practice include the installation of malicious applications on BYOD devices. University undergraduates are the prime users of online social platforms, and there is a high chance of their devices being attacked by malicious software.
Critical Components of Information System in Southern Cross University
Downloading malware unintentionally not only disrupts the devices but also spreads to the entire organisation via its various networks.
Use of unknown mobile operating systems - Gaming has been a common pastime for a very long time. While gaming, students use rooting to bypass the native OS security features and install a free OS that is otherwise restricted by default (Park et al. 2014). As a result, an unauthorised mobile OS is activated, and these devices are connected to the organisation's entire property network.
Lack of security control - The Bring Your Own Device policy allows students to use their own devices, which hold important credentials, but these credentials are not protected and are visible to intruders because of the devices' insecurity. Through any malicious activity, hackers can easily steal information, causing harm to the organisation (Fulton 2017).
As a result of security gaps in the policy, the organisation may face different threats. Since students as well as staff tend to open malicious sites via their devices, the organisation's network can also be affected and valuable information about the organisation can be compromised. A certificate-based authentication system for both user and device validation is therefore recommended.
The certificate-based authentication system is built on a user's digital certificate. It is much stronger than a password-based authentication system. In this scheme a certificate is used to authenticate a client during the SSL handshake (Memon et al. 2014). It authenticates a user's access to a server by exchanging an authentication certificate before any data is used.
Certificate-based authentication uses the concepts of a digital signature and a random challenge. Certificates are obtained from the certificate authority, known as the issuing entity. The major element of each certificate is the pairing of a public key with its private key. A copy of every certificate is saved on the server as well. When a user authenticates, they send a user identification to the server, which is checked, and the server sends the user a random challenge (Pandya 2015). The user then retrieves their private key from the certificate store and encrypts (signs) the random challenge. The signed challenge is sent to the server, which holds the corresponding public key and the user's certificate. The server then decrypts the challenge with the public key and compares the result with the challenge it issued; if they match, the user is validated.
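The exchange just described, written out as an added example in Go using only the standard library (this is not code from the original report): a CA issues a device certificate, the server sends a random challenge, the client signs it with the private key behind its certificate, and the server checks both that the certificate chains to the trusted CA and that the signature matches this exact challenge. The CA and device names and the challenge bytes used when running it are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must(err error) { if err != nil { panic(err) } }
// NewKey: the key pair whose public half goes into a certificate; the private half stays on the device.
func NewKey() *ecdsa.PrivateKey { k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); must(err); return k }

// NewCert issues a certificate for pub signed by signer; parent == nil gives the self-signed CA root.
func NewCert(cn string, isCA bool, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); must(err)
	ku := x509.KeyUsageDigitalSignature
	if isCA { ku |= x509.KeyUsageCertSign }
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: ku, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { parent = tmpl }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer); must(err)
	c, err := x509.ParseCertificate(der); must(err)
	return c
}

// SignChallenge is the client step: sign the server's random challenge with the certificate's private key.
func SignChallenge(priv *ecdsa.PrivateKey, challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:]); must(err)
	return sig
}

// VerifyResponse is the server step: the certificate must chain to the trusted CA root, be valid for
// client authentication, and the signature over this exact challenge must verify with its public key.
func VerifyResponse(root, leaf *x509.Certificate, challenge, sig []byte) bool {
	pool := x509.NewCertPool(); pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil { return false }
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey); if !ok { return false }
	h := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
```

Because the challenge is fresh per login, a captured response cannot be replayed, and a certificate issued by any CA the server does not trust is rejected before the signature is even checked.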
Security Issues with BYOD Policy
Cons - When used over SSL, time is the main issue, as it is when running HTTP basic authentication.
Pros -
- It is very convenient to use the system.
- The encryption method used in the system allows the client to use less code for execution.
- It is possible to retrieve the data from the server with only one call.
With a password-based authentication system, the recommendation to use a strong password frequently arises because users do not memorise hard passwords. In certificate-based authentication, on the other hand, certificates are issued by the server using only the identification, and a copy is stored in the database itself. A password-based scheme involves no cryptography, whereas certificate-based authentication provides asymmetric cryptography that guarantees the binding between the physical identity and the public key.
Cybersecurity fears increase every day as attackers try to capture sensitive data. Cyber-attacks on academic centres can lead to the failure of the whole organisation's infrastructure, resulting in data breaches.
The major cyber threats reportedly faced by educational institutions are
- Insider threat
- Phishing attacks
- Ransomware attack
Phishing is one of the major issues faced by Southern Cross University. A phishing attack involves the installation of malicious applications by students, which leads to this kind of theft and causes a data breach across the entire organisation (Chaudhry, Chaudhry and Rittenhouse 2016).
Characteristics of phishing:
Different phishing techniques used by attackers to steal information from universities and other organisations include-
- Trojan installation through an e-mail attachment, which also leads to information breaches.
- The majority of phishing attacks occur when students attempt to contact websites that appear trustworthy and request particular information.
- By embedding a link within an email, attackers try to gain access to sensitive information.
Examples of Phishing:
Phishing threats have been reported at several other universities, including-
- Phishing threat at Mexico University (Ahn, Kim and Chung 2014)
- Phishing threat at Michigan University (DeSmit et al. 2016).
- Phishing threat at MacEwan University
Techniques to handle phishing:
Phishing attacks in educational establishments can be prevented by techniques such as
- Educating university staff and students, with training that uses examples of mock phishing.
- Using spam filters to detect viruses when students access unknown websites.
- Keeping every information system used by the organisation up to date with the latest security patches.
- Authenticating the student ID before any activity of the institution proceeds.
Thus the report concludes that universities need to replace their authentication arrangement with a simpler certificate-based authentication system as a measure against cyber threats. Students and the management alike need a basic understanding of phishing so that they can protect the credentials stored in the organisation's database.
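The embedded-link characteristic listed above, and the spam-filter technique in the handling list, can both be illustrated by a small server-side check. The following is an added example in Go (not code from the original report) that parses a message and reports every link whose visible text names one host while the href actually points to another; the sample message, its addresses and domains are constructed for the example.

```go
package main

import (
	"io"
	"net/mail"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample for this example (not a real message): the visible link text names the
// university portal while the real href points somewhere else; the second link is harmless.
const SampleEmail = "From: \"IT Helpdesk\" <helpdesk@scu-example.test>\r\n" +
	"Subject: Action required: password expiry\r\n\r\n" +
	"<p>Sign in at <a href=\"http://login-portal.attacker.test/auth\">https://myportal.scu-example.test</a> " +
	"or read the <a href=\"https://www.scu-example.test/help\">Help</a> page.</p>"

// Finding is one phishing indicator detected in a message.
type Finding struct{ Rule, Detail string }

var anchorRe = regexp.MustCompile(`(?is)<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
var tagRe = regexp.MustCompile(`<[^>]+>`)

// hostOf returns the lower-cased host of a URL or bare host name, or "" if the text is not one.
func hostOf(s string) string {
	s = strings.TrimSpace(s)
	if !strings.Contains(s, "://") { s = "http://" + s }
	u, err := url.Parse(s)
	if err != nil || !strings.Contains(u.Hostname(), ".") { return "" }
	return strings.ToLower(u.Hostname())
}

// CheckMessage parses a raw message and reports every link whose visible text names a host
// different from the host the href actually points to, the classic embedded-link phishing trick.
func CheckMessage(raw string) ([]Finding, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil { return nil, err }
	body, err := io.ReadAll(msg.Body)
	if err != nil { return nil, err }
	var out []Finding
	for _, m := range anchorRe.FindAllStringSubmatch(string(body), -1) {
		target, shown := hostOf(m[1]), hostOf(tagRe.ReplaceAllString(m[2], ""))
		if shown != "" && shown != target {
			out = append(out, Finding{"link-text-mismatch", "shows " + shown + " but goes to " + target})
		}
	}
	return out, nil
}
```

A mail gateway can quarantine or tag messages with such findings, and the same "does the displayed address match the real one" question is what staff are taught to ask by hovering over a link before clicking.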
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security strategies. International Journal of Computer Science and Information Security, 14(1), p.129.
Caelli, W.J. and Liu, V., 2018. Cybersecurity education at formal university level: An Australian perspective. In Journal for the Colloquium for Information Systems Security Education (Vol. 5, No. 2, pp. 26-44). CISSE.
Lee, J., Bagheri, B. and Kao, H.A., 2015. A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manufacturing Letters, 3, pp.18-23.
Afreen, R., 2014. Bring your own device (BYOD) in higher education: opportunities and challenges. International Journal of Emerging Trends & Technology in Computer Science, 3(1), pp.233-236.
Bertino, E., 2016. Security threats: protecting the new cyberfrontier. Computer, (6), pp.11-14.
Park, M.W., Choi, Y.H., Eom, J.H. and Chung, T.M., 2014. Dangerous Wi-Fi access point: attacks to benign smartphone applications. Personal and ubiquitous computing, 18(6), pp.1373-1386.
Fulton, J., 2017. Digital natives: The millennial workforce's intention to adopt bring your own device (Doctoral dissertation, Capella University).
Memon, I., Mohammed, M.R., Akhtar, R., Memon, H., Memon, M.H. and Shaikh, R.A., 2014. Design and implementation to authentication over a GSM system using certificate-less public key cryptography (CL-PKC). Wireless personal communications, 79(1), pp.661-686.
Pandya, D., Narayan, K.R., Thakkar, S., Madhekar, T. and Thakare, B.S., 2015. An overview of various authentication methods and protocols. International Journal of Computer Applications, 131(9), pp.25-27.
Chaudhry, J.A., Chaudhry, S.A. and Rittenhouse, R.G., 2016. Phishing attacks and defenses. International Journal of Security and Its Applications, 10(1), pp.247-256.
DeSmit, Z., Elhabashy, A.E., Wells, L.J. and Camelio, J.A., 2016. Cyber-physical vulnerability assessment in manufacturing systems. Procedia Manufacturing, 5, pp.1060-1074.
Ahn, S.H., Kim, N.U. and Chung, T.M., 2014, February. Big data analysis system concept for detecting unknown attacks. In Advanced communication technology (ICACT), 2014 16th International Conference on (pp. 269-272). IEEE.
My Assignment Help. (2020). The Essay On Certificate-Based Authentication System For Cybersecurity In Southern Cross University Is Crucial.. Retrieved from https://myassignmenthelp.com/free-samples/cmp71001-cybersecurity-policy.