Task 1: The university is currently using a password- based authentication system to control user access to the university's information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the university has raised some security concerns. As a security consultant, assess the risk from the BYOD policy to the university's information system. (25 marks) Identify the most critical 5 (Five) components of the university's information system - the critical information assets. Identify five (5) threats the BYOD policy may bring to the identified critical assets. Identify potential vulnerabilities (at least one) of each asset against the identified threats. . Assess the risk to the university's information system using either a quantitative or qualitative risk assessment approach and document the risk assessment process. Do the cost benefit analysis for 2 years to recommend at least one (1) security measure againt each assest to mitigate the risk indentifed. Task 2: You have identified that Spamming is among the top cybersecurity threats faced by the university. Use the Spam Act 2003 and available online resources to develop a guideline for university students and staff to combat the threat. (16 marks) . Definition of spam and its distinctive characteristics. At least three (3) real examples of spam, show the spam characteristics. An instruction to the users on how to recognise and safely handle spam. An instruction to the IT administrator on how to minimize the spam threat. Task 3: Investigate and document the Australian legal requirements that SCU will need to comply with. (16 marks) What would be the consequence(s) for non- compliance for SCU? What is ethical behaviour and what ethical considerations may SCU have in their sector? What is the distinction between ethical behaviour and illegal behaviour? How does ethical behaviour relate to security positions within the SCU organization? Your report should have correct grammar and spelling: Well supported Arguments; Cite all reference sources (3 marks). Submission Format: There is no report template for this assignment. However, the report should be well presented in a standard report format (refer to online resources) and you must make use of adequate in-text references throughout your entire report. The report should be a minimum of 2000 words. Be creative in how you chose to communicate your findings. The report does not have to be a large collection of paraphrased text. Diagrams and tables are much more effective ways of communicating an idea or concept. The first page of the report should have your name, student ID, ISYS1002 Assignment 2, and the date you submit your assignment. When you have completed the assignment, you are required to submit your assignment in PDF/DOC format. The file will be named using the following convention: Filename= FirstinitialYourLastName_ISYS1002_A2.pdf (i.e. Falaei ISYS1002_A2.pdf) Marking Criteria: The rubric for this assignment is available on the MySCU site and will give the criteria for marking. The difference between a "Pass" and higher grades will be based on how much you look at the whole