Reference no: EM132565822

Part Description

You are hired by Southern Cross University as a cybersecurity consultant to work on a security program to address the contemporary and emerging risks from the cyber threats the university is facing. Your tasks are the following:

Part 1: the university is currently using a password based authentication system to control the user access to the university's information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the university has raised some security concerns. As there is no SCU BYOD policy given, you can include as one of your assumptions that the SCU BYOD policy was developed in line with the Australian Cyber Security Centre guidelines that have been provided. As a security consultant, assess the risk from the BYOD policy to the university's information system.

Part 2: After the assessing the risk from the BYOD policy, you suggest the university to replace the current password-based authentication scheme with a Certificate-Based Authentication. To justify your suggestion, write a technical report to explain the working principle of the Certificate-Based Authentication mechanism and discuss why the university should use the mechanism in this case by comparing it with the password-based authentication mechanism. Use figure when necessary to support your answers.

Part 3: You have identified Spamming is among the top cybersecurity threats facing by the university. Use the Spam Act 2003 and available online resources to develop a guideline for the university students and staff to combat with the threat. The guideline will include the following:
• Definition of spam and its distinctive characteristics.
• At least three (3) real examples of spams showing the spam characteristics.
• An instruction to the users of how to recognise and safely handle a spam.
• An instruction to the IT administrator of how to minimize the spam threat

Part 1: BOYD risk assessment

To complete this task, use the following guidelines:

Identify the most critical components of the university's information system - the critical information assets.

Identify what threats the BYOD policy may bring to the identified critical assets.

Identify potential vulnerabilities of each asset against the identified threats.

Assess the risk to the university's information system using either quantitative or qualitative risk assessment approach and document the risk assessment process.

Part 2: Certificate-based Authentication

To complete this task, use the following guidelines:

Perform necessary research to understand the working principle, pros and cons of the Certificate-based Authentication mechanism. Document all reference sources.

Write a technical report to explain the working principle of the Certificate-based Authentication mechanism. Compare the certificate-based authentication against the password-based authentication and highlight the features you think are useful for combating the threats from the BYOD policy.

Note that you are not allowed to cut and pastefrom online resources. Use your own words and figures. Acknowledge all reference sources.

Part 3: Anti-spam Guideline

To complete this task, use the following guidelines:

Read and understand Spam Act 2003. The Spam Act 2003

The Act will help you to define what type of electronic messages should be treated as spams, what are the distinctive characteristics of a spam and what act is considered as spamming?

Search for 3 representative examples of spams or use your own spams as examples.

Use samples from reputable online resources to help you with the development of spam handling instructions. The instructions should be clear, concise and precise.

Attachment:- Cybersecurity task.rar