Trusted Security Policies for Tackling Advanced Persistent Threat via Spear Phishing in BYOD Environment

With the advent of pervasive and ubiquitous mobile devices, Bring Your Own Device (BYOD) trend is steadily gaining traction amongst many corporations, in allowing the extensive utilization of mobile devices in handling work-related data. However, there are several drawbacks to this approach, one of which is the risks resulted from the occurrence of Advanced Persistent Threat (APT). The goal of APT is to exfiltrate and leak important and sensitive corporate information through exploitation of vulnerabilities within BYOD environment. This paper addresses the APT issue via spear phishing attacks within BYOD environment, through the mediation provided by security policies. The devising of Mandatory Access Control (MAC) security policies using ACPT includes the implementation of environment attributes along with the specification of proposed policy rules for organizations is proven to be the most suitable policy mechanism for BYOD environment. Guidelines in mitigating APT via spear phishing are briefly discussed as well.