Aim of the project
The main aim of this project is to propose the creation of software with email security features such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM).
The objectives of this project are as follows:
- To enhance network security control of organizational networks.
- To design and develop an email security assistant within the allocated budget and 6 months' time.
- To take the opinion of experienced network security advisors to determine the non-functional and the functional requirements of the software.
- To align the newly created software with the business objectives of the organization.
- To track the progress of this software development project after each phase has been completed.
Business enterprises are concerned about several categories of network security issues, such as unauthorised access, distributed denial of service, man-in-the-middle attacks, SQL injection attacks, and insider threats (Andrei, 2018).
This project shall help these organizations to have security cover against threats conducted over email, such as phishing emails. Most of the security measures considered by business enterprises are restricted to Intrusion Detection Systems and Bring Your Own Device policies, and there are numerous gaps in current business processes. This project shall help address the current gaps in network security practices. The project aims to create advanced software with features such as SPF, DMARC and DKIM so that organizations are secured from network security threats. Meeting the objectives of this project shall help create an effective tool which can determine the network security threats coming from email.
According to Deccio et al. (2021), it is significant to comprehend whether the server includes a PTR record and reverse DNS, as this helps in understanding the current security status of the network. The literature stated that the capabilities of social engineers are increasing every year with the advancement of new technologies; hence a secure gateway is required to increase the security of the network. The literature also stated that maintaining the security of email data is significant for the growth of business organizations. The literature stated that there are different categories of cybersecurity laws and regulations which need to be considered during the development of network security software, such as the NSW Crimes Act 1900, the Security of Critical Infrastructure Act 2018, and the Australian Privacy Principles. Each of these regulations needs to be considered during the development and working phases of the email security assessment.
Based on the discussions of Kahraman (2020), suspicious emails are sent by social engineers to conduct phishing attacks. The literature highlighted that ensuring email security is crucial for the business growth of the organization. The literature described the different categories of email authentication techniques, such as SPF, which can help in preventing social engineers from sending malicious links via email. The framework can be useful for the organization to authenticate all the emails which come from outside the organizational network. An email gets to the reputation database only when it is authenticated by the SPF record lookup. The following illustration can be useful in comprehending the mechanism of this email authentication technique.
Figure 1: Mechanism of SPF
(Source: Tan, 2018)
The main strength of this literature is the detailed description of the mechanism of this framework, whereas the absence of a discussion of the limitations of this framework is its weakness.
Objectives of the project
As discussed by Deccio et al. (2021), there are different categories of protocols, such as DMARC, which need to be deployed in business organizations so that they can be secured from data security threats coming from both outside and inside the organization. The literature stated that this email authentication policy can help in addressing issues such as authentication failures initiated by social engineers. These protocols are useful in monitoring the protection of the organizational domain from fraudulent email. As per the discussions of the literature, the deliverability of emails from legitimate senders can also be enhanced using this protocol. Supporting the above discussion, Scheffler et al. (2018) stated that most of the spoofing activities associated with email facilities can be addressed in the first place using protocols such as DMARC. The literature also noted the presence of other protocols which can help in improving the security of the organizational domain. The literature stated that this protocol is aligned with anti-spoofing technology. The prime strength of this literature is the detailed description of the benefits of DMARC, such as increased security cover, visibility of the network, and increased identity. As per the discussions of the literature, the security provided by this protocol can be helpful in checking and preventing the malicious mails which are shared by social engineers. The scholars of this literature also stated that security attacks such as ransomware, cryptojacking, data leakage and different categories of escalation exploitation can be restricted in the first place using this protocol. The literature helped in comprehending that different categories of reports can be obtained from this framework, which can help in understanding the security threats coming from the third parties of business organizations (Reed & Reed, 2020).
The literature also helped in comprehending some of the limitations associated with DMARC, such as its technical complexity and its inability to detect Artificial Intelligence based spoofing attacks. As per the discussions of the scholars of this literature, when an email fails both SPF and DKIM alignment, DMARC also fails. The drawback of this literature is the lack of critical analysis of the discussions of the scholars.
Supporting the above discussion, Thompson (2019) highlighted that aggregate reports and forensic reports are the two report formats generated by DMARC. Aggregate reports help in identifying statistical data and in the authentication of emails coming from an outside network. Forensic reports are useful in troubleshooting the organizational domain and help in addressing issues such as authentication difficulties. Thus, from this literature, it can be comprehended that the DMARC protocol is significant in addressing the network security threats facing business enterprises. The report-generating ability of the DMARC policy can help business organizations in accepting, rejecting and quarantining emails coming from social engineers. The entire functionality of the policy can be comprehended from the pictorial illustration below.
Figure 2: Mechanism of DMARC
Background of the study
(Source: Al Maqbali & Mitchell, 2018)
On the other hand, as elaborated by Draper-Gil & Sanchez (2019), there are numerous standards which can help in protecting against the threat coming from spoofing emails, phishing emails and other spamming activities. The scholars of this literature stated that digital signatures are associated with authentication techniques such as DKIM. This internet standard is useful in verifying the public key of the sender of the phishing emails. The literature also helped in comprehending that this standard is always aligned with most of the network security standards maintained by business organizations. However, this standard has a few drawbacks as well: it cannot help in preventing vector attacks.
As mentioned by Rahmad, Suryanto & Ramli (2020), the introduction of an email security assistant can help business organizations in reducing the chances of network infiltration. The literature stated that concepts of machine learning need to be considered while developing this software. The literature stated that this software is usually developed on decentralized platforms. The accuracy of this software is always on the higher side, which helps in maintaining consistency in network security. Human intervention is minimised with the introduction of the email security assistant in business organizations. Hence, from this literature it can be said that this software is useful in minimising network security threats. Each of these pieces of literature is relevant to the topic of this project, as each was helpful in comprehending the scope of this software from a different perspective.
There are different categories of methodologies which need to be considered for meeting the objectives of the project.
Design: There are different categories of research designs which are considered in research projects, such as exploratory, explanatory and descriptive design (Deccio et al., 2021). In this project, descriptive design shall be considered, as the product of the project shall be used to gather networking information of an organization. The selection of this design shall allow the researcher to analyse both the quantified and the non-quantified issues associated with network security. This design also allows the researcher to use two different categories of data collection methods in this project. The findings of this research can be used in the decision-making processes of any business organization. Thus, it can be said that the selection of this design is justified in this project.
Philosophy: There are numerous philosophies which are considered in research projects, such as pragmatism, positivism, realism and interpretivism. In this project, interpretivism shall be the chosen philosophy. This philosophy is useful in comprehending the usefulness of the email security assessment software and the ethical considerations associated with it. The selection of this philosophy shall help the researcher to consider the complex social phenomena associated with email security assistant software. Observations of the scholars of relevant literature can also be considered in this project due to the selection of this philosophy (Panchenko & Samovilova, 2020). Thus, it can be said that the selection of this philosophy is appropriate for this project.
Review of literature
Data collection: There are two categories of data gathering techniques associated with research studies, namely secondary and primary techniques (Andrei, 2018). In this project, both categories shall be considered for fulfilling the objectives of the study; hence this project shall have a mixed methodology. Primary data shall be gathered from experienced network security advisors in Australia using an online survey conducted by the researcher. A structured questionnaire shall be created and distributed among the participants using Google Form. On the other hand, secondary data shall be gathered from relevant journal articles taken from open data sources such as Google Scholar. Better accuracy and addressing the exact research issue are the two major advantages of the primary data gathering procedure; in addition, considering primary data shall give the researcher of this study a higher level of control in this project. Updated information can be obtained from primary data, and it can also help in understanding the solution to the problem being investigated in this project. There are numerous advantages associated with secondary data as well: it is economical and can be gathered in a minimum time interval (Graham et al., 2021). The gaps of primary data gathering in terms of the biasedness of the online survey can be addressed using secondary data. At the same time, secondary data provides insights into a topic from different perspectives, which increases the reliability of the study (Bolander et al., 2021). Thus, it can be said that the selection of a mixed method is justified in this study.
Sampling: There are two categories of sampling techniques used in research, namely non-probabilistic and probabilistic techniques. In this project, the probabilistic sampling method shall be considered while selecting the participants of the online survey. The biasedness of the online survey shall be addressed using this sampling method, and the accuracy of the study can also be maintained using this sampling technique (Zimmer, 2020). The sample size of this online survey shall be 50, and it will be conducted with network security advisors having a minimum of 5 years of experience in this field.
Data analysis: Quantitative and qualitative are the two major categories of analysis techniques. In this project, primary data shall be analysed using a quantitative tool such as MS Excel, and secondary data shall be analysed using qualitative measures such as thematic analysis. Data visualization is much easier if MS Excel is used to analyse the raw datasets, and it can help in organizing data in a readable format (Dooly, Moore & Vallejo, 2017). On the other hand, the trends of any topic can be comprehended in the first place from thematic analysis. Thus, it can be said that the selection of MS Excel and thematic analysis is justified in this project.
This project shall help in the creation of advanced software, namely the Email Security Assessment. Addressing network security issues is one of the major industrial problems confronted across business organizations, and this project is expected to solve these problems. Understanding the usefulness of email security features such as SPF, DKIM and DMARC for addressing network security issues is another expected outcome of this project.
WA AustCyber Innovation Hub is the industrial partner of this project, and the project shall help in comprehending the skillset of the human resources of this organization. The project shall also help in comprehending the different categories of cyber security laws which need to be considered while developing the software. This software can help business enterprises to address different categories of network security threats which have a negative impact on email data.
There are different categories of development models which are considered during the creation of software, such as waterfall, agile, Rapid Application Development and DevOps.
The project shall also help in comprehending the usefulness of the waterfall methodology, which shall be considered during the design and development of the software. Understanding the challenges of developing software aligned with the priorities of a business is another expected outcome of this project. The project shall also help in understanding the challenges associated with data collection, such as maintaining the integrity and confidentiality of raw data sets. The project shall help in identifying all the current gaps in the network security procedures which allowed social engineers to conduct an external attack on the network.
Legal, ethical or social considerations
The legal consideration of the research is associated with the data which shall be gathered from secondary and primary sources. Maintaining the confidentiality and reliability of the data gathered from the participants of the online survey, and of the relevant data gathered from the secondary sources, are the major legal considerations of the proposed project (Witzleb, 2018). Data Privacy Act 1988 must be considered while protecting the integrity of the data.
The ethical consideration of this research is following the informed consent rules during the online survey. After selection of the sampling technique, an informed consent form shall be forwarded to each participant of the survey (Ramrathan, Le Grange & Shawa, 2017). Getting their legal permission to take part in this project is the main reason behind the distribution of the informed consent forms.
The social consideration of the project is associated with the data gathering procedure of this project as well. During the online survey, participants will not be forced to select any specific answer from the set of options available in the questionnaire (Campbell, 2017). Participants shall not be forced to take part in the online survey once they reject the informed consent forms. Scientific misconduct and discrimination towards the participants of the online survey shall be avoided.
References
Al Maqbali, F., & Mitchell, C. J. (2018, October). Email-based password recovery-risking or rescuing users?. In 2018 International Carnahan Conference on Security Technology (ICCST) (pp. 1-5). IEEE. https://www.chrismitchell.net/Papers/ebprro.pdf
Andrei, T. (2018). The Internet-secondary data source in marketing research. Ann-Econ Ser, 6, 92-97. https://www.utgjiu.ro/revista/ec/pdf/2018-06/11_Toma.pdf
Bolander, W., Chaker, N. N., Pappas, A., & Bradbury, D. R. (2021). Operationalizing salesperson performance with secondary data: aligning practice, scholarship, and theory. Journal of the Academy of Marketing Science, 49(3), 462-481. https://www.researchgate.net/profile/Willy-Bolander/publication/348323783_Operationalizing_salesperson_performance_with_secondary_data_aligning_practice_scholarship_and_theory/links/5ffbc2ea92851c13fe02f310/Operationalizing-salesperson-performance-with-secondary-data-aligning-practice-scholarship-and-theory.pdf
Campbell, S. P. (2017). Ethics of research in conflict environments. Journal of Global Security Studies, 2(1), 89-101. https://static1.squarespace.com/static/5fa056406fdf717c89d3d790/t/60ca58c5952ff54e89bbee86/1623873733447/Ethics%2Bof%2BResearch%2Bin%2BConflict%2BEnvironments.%2BCampbell.pdf
Deccio, C., Yadav, T., Bennett, N., Hilton, A., Howe, M., Norton, T., … & Taylor, B. (2021, December). Measuring email sender validation in the wild. In Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies (pp. 230-242). https://imaal.byu.edu/papers/2021_conext_spf_validation.pdf
Dooly, M., Moore, E., & Vallejo, C. (2017). Research Ethics. Research-publishing.net. https://files.eric.ed.gov/fulltext/ED573618.pdf
Draper-Gil, G., & Sanchez, I. (2019). My email communications security assessment (MECSA): 2018 results. https://www.researchgate.net/profile/Gerard-Draper-Gil/publication/331407667_My_Email_Communications_Security_Assessment_MECSA_2018_Results/links/5c77e58f458515831f76dbfe/My-Email-Communications-Security-Assessment-MECSA-2018-Results.pdf
Graham, M., Hallowell, N., Solberg, B., Haukkala, A., Holliday, J., Kerasidou, A., … & Vornanen, M. (2021). Taking it to the bank: the ethical management of individual findings arising in secondary research. Journal of Medical Ethics, 47(10), 689-696. https://jme.bmj.com/content/medethics/47/10/689.full.pdf
Kahraman, G. M. (2020). Characterizing Sender Policy Framework configurations at scale (Master’s thesis, University of Twente). https://essay.utwente.nl/83315/1/Kahraman_MA_EEMCS.pdf
Panchenko, L., & Samovilova, N. (2020). Secondary data analysis in educational research: opportunities for PhD students. In SHS Web of Conferences (Vol. 75, p. 04005). EDP Sciences. https://www.shs-conferences.org/articles/shsconf/pdf/2020/03/shsconf_ichtml_2020_04005.pdf
Rahmad, F., Suryanto, Y., & Ramli, K. (2020, July). Performance Comparison of Anti-Spam Technology Using Confusion Matrix Classification. In IOP Conference Series: Materials Science and Engineering (Vol. 879, No. 1, p. 012076). IOP Publishing. https://iopscience.iop.org/article/10.1088/1757-899X/879/1/012076/pdf
Ramrathan, L., Le Grange, L., & Shawa, L. B. (2017). Ethics in educational research. Education studies for initial teacher education, 432-443. https://www.researchgate.net/profile/Lester-Shawa/publication/312069857_Ethics_in_educational_research/links/586e0b9f08ae6eb871bcf47c/Ethics-in-educational-research.pdf
Reed, J. A., & Reed, J. C. (2020). Potential Email Compromise via Dangling DNS MX. https://dnsinstitute.com/research/dangling-mx/dangling-mx-202007.pdf
Scheffler, S., Smith, S., Gilad, Y., & Goldberg, S. (2018, March). The unintended consequences of email spam prevention. In International Conference on Passive and Active Network Measurement (pp. 158-169). Springer, Cham. https://www.cs.huji.ac.il/~yossigi/pam18.pdf
Tan, E. Z. (2018). A Quantitative Study of the Deployment of the Sender Policy Framework. Brigham Young University. https://scholarsarchive.byu.edu/cgi/viewcontent.cgi?article=8009&context=etd
Thompson, J. (2019). Email Authenticity with DMARC. https://scholarworks.iu.edu/dspace/bitstream/handle/2022/24540/Email%20Authenticity%20with%20DMARC_11.2018.pdf?sequence=1
Witzleb, N. (2018). Determinations Under the Privacy Act 1988 (Cth) as a Privacy Remedy. Remedies for Breach of Privacy (Oxford, Hart Publishing, 2018), Monash University Faculty of Law Legal Studies Research Paper, (3189397). https://www.researchgate.net/profile/Normann-Witzleb/publication/325531537_Determinations_under_the_Privacy_Act_1988_Cth_as_a_privacy_remedy/links/5b129b620f7e9b498103e28e/Determinations-under-the-Privacy-Act-1988-Cth-as-a-privacy-remedy.pdf
Zimmer, M. (2020). “But the data is already public”: on the ethics of research in Facebook. In The Ethics of Information Technologies (pp. 229-241). Routledge. https://www.sfu.ca/~palys/Zimmer-2010-EthicsOfResearchFromFacebook.pdf