Assignment Task: As you may have noticed, phishing emails and cyber-attacks are becoming more prevalent in today's society. To increase the safety of our accounts, CBU is moving to a Multi-Factor Authentication (MFA) system to help protect users from phishing and account compromisation.
What is Multi-Factor Authentication?
Multi-Factor Authentication is a security measure that requires users to prove their identity by providing two or more pieces of evidence - or factors - when logging into their accounts. One factor is the users username and password combination. The requirement for additional factors is satisfied through a verification method such as an authenticator app, a text message, a phone call, or a security key. With this system in place, a hackers attempt to steal the users password will not be successful as they will not be able access the users verification method.
What does this mean for CBU employees?
The move to a MFA system will be a three-phased approach through CBU's IT Department:
- Phase one (December 2022): IT will begin by moving all employees with a CBU-issued cell phone to the MFA system.
- Phase two (January/February 2023): IT will move all remaining employees to the MFA system.
- Phase three (late February 2023): IT will begin moving student accounts to the MFA system
After enabling the MFA system, employees will log into their CBU account and will enter their email and password, as usual. Next, employees will be prompted to complete a MFA verification using one of their registered verification methods: the Microsoft Authenticator App, a text message, a phone call, or a CBU provided security key. For example, should you choose the text message option, when you login to your email, a text message will be generated with a passcode after the initial password is provided.
Compromised passwords are one of the most common ways hackers can get at our data and our identities. Using MFA is one of the easiest ways to make it significantly harder for them to do that, and one of the easiest ways to protect ourselves online.
Q1. What is the key issue in the case? Identify the decision maker, and customers/stakeholders in the case?
Q2. Identify and explain the opportunities and threats exist in the case? Provide and connect at least one related example in the real-life context.
Q3. What implementation methodology is followed in this case, and what are the risks and benefits in using this implementation methodology?