You are hired by a university as a cybersecurity consultant to work on a security program to address the contemporary and emerging risks from the cyber threats the university is facing. Your tasks are the following:
Task 1: The university is currently using a password-based authentication system to control user access to the university's information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the university has raised some security concerns. As a security consultant, assess the risk from the BYOD policy to the university's information system.
Task 2: After assessing the risk from the BYOD policy, you suggest that the university replace the current password-based authentication scheme with Certificate-Based Authentication. To justify your suggestion, write a technical report to explain the working principle of the Certificate-Based Authentication mechanism and discuss why the university should use the mechanism in this case by comparing it with the password-based authentication mechanism. Use figures where necessary to support your answers.
Task 3: You have identified spamming as among the top cybersecurity threats facing the university. Use the Spam Act 2003 and available online resources to develop a guideline for the university's students and staff to combat the threat. The guideline will include the following:
Definition of spam and its distinctive characteristics.
At least three (3) real examples of spam showing the spam characteristics.
Instructions to users on how to recognise and safely handle spam.
Instructions to the IT administrator on how to minimize the spam threat.
Task 1: BYOD risk assessment
To complete this task, use the following guidelines:
Identify the most critical components of the university's information system - the critical information assets.
Identify what threats the BYOD policy may bring to the identified critical assets.
Identify potential vulnerabilities of each asset against the identified threats.
Assess the risk to the university's information system using either a quantitative or a qualitative risk assessment approach and document the risk assessment process.
Task 2: Certificate-based Authentication
To complete this task, use the following guidelines:
Perform necessary research to understand the working principle, pros and cons of the Certificate-based Authentication mechanism. Document all reference sources.
Write a technical report to explain the working principle of the Certificate-based Authentication mechanism. Compare the certificate-based authentication against the password-based authentication and highlight the features you think are useful for combating the threats from the BYOD policy.
Note that you are not allowed to cut and paste from online resources. Use your own words and figures. Acknowledge all reference sources.
Task 3: Anti-spam guideline
To complete this task, use the following guidelines:
Read and understand the Spam Act 2003. The Spam Act 2003 document is available at: https://www.legislation.gov.au/Details/C2016C00614. The Act will help you to define what type of electronic messages should be treated as spam, what the distinctive characteristics of spam are, and what act is considered spamming.
Search for 3 representative examples of spam or use spam you have received as examples.
Use samples from reputable online resources to help you with the development of spam handling instructions. The instructions should be clear, concise and precise.