BYOD-Insure: A Security Assessment Model for Enterprise BYOD

As organizations continue allowing employees to use their personal mobile devices to access the organizations’ networks and the corporate data, a phenomenon called ‘Bring Your Own Device’ or BYOD, proper security controls need to be adopted not only to secure the corporate data but also to protect the organizations against possible litigation problems. Until recently, current literature and research have been focused on specific areas or solutions regarding BYOD. The information associated with BYOD security issues in the areas of Management, IT, Users and Mobile Device Solutions is fragmented. This research is based on a need to provide a holistic approach to securing BYOD environments. This dissertation puts forth design science research methods to develop a comprehensive security assessment model, BYOD-Insure, to assess the security posture of an organization’s BYOD environment. BYOD-Insure aims to identify security vulnerabilities in organizations that allow (or are planning to adopt) BYODs. The main questions this research aims to answer are: 1) In order to protect the enterprise and its corporate data, how can an organization identify and mitigate the security risks associated with BYOD? 2) How can a holistic approach to security strengthen the security posture of BYOD environments? BYOD-Insure is composed of 5 modules that, in tandem, use a holistic approach to assess the security posture of the four domains of BYOD environments: assessment of management (BYOD-Insure-Management), assessment of IT (BYOD-Insure-IT), assessment of users’ behavior/security (BYOD-Insure-User), and assessment of the mobile device security adopted by the organization (BYOD-Insure-Mobile). The combined results of the 4 domains provide the overall security posture of the organization (BYOD-Insure-Global). The evaluation process for this model is based on a design science method for artifact evaluation. For BYOD-Insure, this process involves the use of descriptive scenarios to describe different types of BYOD security postures. This entails a detailed description of scenarios that depict low, moderate and high security postures with respect to BYOD. The results, for a particular organization, show the security controls that need to be strengthened, and the safeguards recommended. The BYOD-Insure assessment model helps answer the research questions raised in this study

Toward Open and Programmable Wireless Network Edge

Increasingly, the last hop connecting users to their enterprise and home networks is wireless. Wireless is becoming ubiquitous not only in homes and enterprises but in public venues such as coffee shops, hospitals, and airports. However, most of the publicly and privately available wireless networks are proprietary and closed in operation. Also, there is little effort from industries to move forward on a path to greater openness for the requirement of innovation. Therefore, we believe it is the domain of university researchers to enable innovation through openness. In this thesis work, we introduce and defines the importance of open framework in addressing the complexity of the wireless network. The Software Defined Network (SDN) framework has emerged as a popular solution for the data center network. However, the promise of the SDN framework is to make the network open, flexible and programmable. In order to deliver on the promise, SDN must work for all users and across all networks, both wired and wireless. Therefore, we proposed to create new modules and APIs to extend the standard SDN framework all the way to the end-devices (i.e., mobile devices, APs). Thus, we want to provide an extensible and programmable abstraction of the wireless network as part of the current SDN-based solution. In this thesis work, we design and develop a framework, weSDN (wireless extension of SDN), that extends the SDN control capability all the way to the end devices to support client-network interaction capabilities and new services. weSDN enables the control-plane of wireless networks to be extended to mobile devices and allows for top-level decisions to be made from an SDN controller with knowledge of the network as a whole, rather than device centric configurations. In addition, weSDN easily obtains user application information, as well as the ability to monitor and control application flows dynamically. Based on the weSDN framework, we demonstrate new services such as application-aware traffic management, WLAN virtualization, and security management

ACUTA Journal of Telecommunications in Higher Education

In This Issue President\u27s Message From the ACUTA CEO Advertiser Index Cables and the Cloud Snapshot: Spending Update High Expectations for the Campus Network NMSU Builds a Better VoIP LAN Harvard Turns to Technology for Teacher Evaluations Online Education: Interesting but Not Transformational? Campus Innovation and the lnternet of Things Face lt...Google Glass ls Coming Your Way Bandwidth 101 2013 lnstitutional Excellence Awar

Software-defined zero-trust network architecture : Evolution from Purdue model -based networking

Digitalization has brought many technological developments which improve the business operations on many industries. In recent years, the drive towards service based solutions has superseded the locally managed solutions towards vendor managed solutions that are managed through the Internet. Unfortunately, the architecture, and the infrastructure which it is based on, have not developed at the same pace. This has led to organizations undermining the architecture and policies designed for it. Therefore, a modern architecture is needed with the capability of supporting these uprising technologies. The objective of this thesis was to find out if Purdue model works as a valid reference architecture for building networks in today’s standards, and if it needs to be replaced, what would be the alternatives. To answer the research question, it was first investigated whether Purdue model can be used for modern network architecture. After that, a literacy review was performed to see what some of the current and modern recommendations are. The literacy review also included research on what some of the current threats to digital platforms are, and how cybersecurity is engineered. It was discovered that zero trust architecture and software defined solutions enhance the overall security and management of the operating environments. The thesis concludes with a logical reference architecture for networks as a suggested solution. The suggested solution is a new network architecture that implements the elements of zero trust and uses software defined networking to manage the underlying infrastructure

Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects, v1

This document is a product of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC). CTSC is supported by the National Science Foundation under Grant Number OCI-1234408. Any opinions,findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation

SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues. It provides valuable advice and impacts device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity

Platform Embedded Security Technology Revealed

Computer scienc