You are hired by Southern Cross University as a cybersecurity consultant to work on a security program to address the contemporary and emerging risks from the cyber threats the university is facing. Your tasks are the following:
Task 1: The university is currently using a password-based authentication system to control user access to the university's information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the university has raised some security concerns. As a security consultant, assess the risk from the BYOD policy to the university’s information system.
Task 2: After assessing the risk from the BYOD policy, you suggest that the university replace the current password-based authentication scheme with Certificate-Based Authentication. To justify your suggestion, write a technical report to explain the working principle of the Certificate-Based Authentication mechanism and discuss why the university should use the mechanism in this case by comparing it with the password-based authentication mechanism. Use figures where necessary to support your answers.
Task 3: You have identified spamming as among the top cybersecurity threats facing the university. Use the Spam Act 2003 and available online resources to develop a guideline for the university students and staff to combat the threat. The guideline will include the following:
- Definition of spam and its distinctive characteristics.
- At least three (3) real examples of spam showing the spam characteristics.
- An instruction to the users on how to recognise and safely handle spam.
- An instruction to the IT administrator on how to minimize the spam threat.
The information system implemented on-premises at Southern Cross University requires users to authenticate with a user ID and password combination. While the university provides devices for accessing the information system, users are also allowed to bring their personal devices to access the system under the BYOD (bring your own device) policy adopted by the university. The BYOD policy of Southern Cross University is certainly convenient for the users and eliminates the need for the university to provide devices to the users individually. However, this policy poses a threat to the security of the university's information system (Hovav & Frida, 2016). The following are the risks posed by such a policy at Southern Cross University:
- Stolen or lost devices: in the age of mobile and portable devices, it is very common for mobile communication devices such as smartphones and laptops to be stolen or lost. In the majority of cases, stolen computing devices are sold off for the value of their internal components; however, cases of computing devices being stolen for the information stored on them are increasing (Crossler, et al., 2014). If the university continues to retain its BYOD policy, it is possible that some of these devices will be stolen and sensitive information regarding the university may end up in the hands of unauthorized people.
- Little or no authentication: the university cannot expect that all users accessing the university information system from their own devices have some kind of authentication process on those devices, such as password protection for user verification. Such devices can be used by anyone, authorized or not, to effortlessly gain access to the university information system (Chang, et al., 2014). Simple, guessable passwords pose the same threat to the information system of the university. Devices with compromised security pose a serious threat of hacking and information theft from the university information system. This is another major issue with the BYOD policy adopted by Southern Cross University.
- Lack of encryption: while the university can use encryption techniques to protect the information stored on university-provided systems, such a policy cannot be extended to the personal devices brought by users under the BYOD policy. Owners of these devices might keep their data in unencrypted form while also transmitting the data over unencrypted network connections, which are easy to eavesdrop on and intercept inside the network (Singh, 2012). Unencrypted data is held in plain text rather than in an encoded form, and therefore this type of data storage used by individual users presents a threat to the information system of the university (Chang, et al., 2014).