| Step 1: Start |
| Step 2: Define BYOD security process and policy variables |
| = Security policies |
| = Detection policies |
| = Incident Response |
| = Security violation Protection policy |
| = Forensic call policy |
| Step 3: Technology variables and users |
| T1 = Technology portfolio |
| T2 = Monitoring system |
| T3 = Detection System/Decoy system |
| T4 = Protection technology |
| T5 = Log management |
| T6 = Forensic technology ecosystem |
| T7 = Threat category |
| U1=BYOD users |
| Step 4: Action and category variables |
| Violation = V |
| Risk acceptable level = A |
| Protection = P |
| Forensic = F |
| Step 4: Monitoring of threat |
| push U1 through T3 and compare P1 |
| If Result = A |
| then accept request |
| stop |
| else |
| call Step 5 |
| Then process U1 in T4 for P2 |
| send U1 logs to T5 |
| else |
| call step 5 |
| Step 5: Detection and Protection |
| Push U1 through T3 for P4 |
| if Result = V |
| Drop traffic |
| Else |
| call step 7 |
| Step 7: identify threat |
| If threat category = known |
| if verdict/score = A |
| pass the traffic |
| else |
| drop and call step 10 for forensic |
| else |
| call step 8 for T7 sandboxing for threat verdicts, then |
| call step 9 |
| else |
| call step Sandboxing for threat verdicts |
| Step 8: Analyze threat category |
| Analysis of threat type with threat Hash |
| return T7 = verdict and score of threat category |
| Step 9: Unknown threat for forensic |
| If T7 == A compare to P5 |
| pass and send T5 |
| else |
| send for forensic T6 |
| Step 10: Forensic ecosystem |
| if P5=Investigate attack |
| do analysis |
| Present |
| Step 9: Present to law enforcement |
| Step 11: Stop |
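
The decision flow of Steps 4 to 10 above, written out as a small Python triage function. This is an added example, not code from the original page: the numeric score scale, the `Session` fields, the `fake_sandbox` stub and the sample hashes are assumptions, and the ambiguous T4/P2 branch of Step 4 is left out.

```python
# Added illustration of Steps 4-10; field names, scores and sample data are assumptions.
from dataclasses import dataclass, field

ACCEPTABLE_SCORE = 3  # "A": highest score still acceptable (assumed 0-10 scale)

@dataclass
class Session:
    user: str               # U1, a BYOD user
    policy_compliant: bool  # Step 4: request compared with the security policy
    violation: bool         # Step 5: detection system (T3) reported "V"
    threat_hash: str        # hash of the observed content (Steps 7 and 8)
    log: list = field(default_factory=list)  # stands in for T5 log management

def triage(s, known_scores, sandbox):
    """Return 'accept', 'pass', 'drop' or 'forensic' for one session."""
    if s.policy_compliant:                       # Step 4: acceptable, stop here
        s.log.append("step4:accept")
        return "accept"
    if s.violation:                              # Step 5: violation, drop traffic
        s.log.append("step5:drop")
        return "drop"
    if s.threat_hash in known_scores:            # Step 7: known threat category
        if known_scores[s.threat_hash] <= ACCEPTABLE_SCORE:
            s.log.append("step7:pass")
            return "pass"
        s.log.append("step7:drop, step10")       # dropped and handed to forensics
        return "forensic"
    score = sandbox(s.threat_hash)               # Step 8: sandbox verdict for T7
    if score <= ACCEPTABLE_SCORE:                # Step 9: acceptable, pass and log
        s.log.append(f"step9:pass score={score}")
        return "pass"
    s.log.append(f"step9:forensic score={score}")  # Step 9: send to T6
    return "forensic"

# Constructed sample data (not from the page).
KNOWN = {"hash-known-benign": 1, "hash-known-bad": 9}
def fake_sandbox(h):  # hypothetical sandbox: fixed table, unseen hashes score 8
    return {"hash-new-benign": 2}.get(h, 8)

def demo():
    cases = [Session("alice", True, False, ""),
             Session("bob", False, True, ""),
             Session("carol", False, False, "hash-known-benign"),
             Session("dave", False, False, "hash-known-bad"),
             Session("erin", False, False, "hash-new-benign"),
             Session("frank", False, False, "hash-unseen")]
    return [triage(c, KNOWN, fake_sandbox) for c in cases]

if __name__ == "__main__":
    print(demo())
```

Each session's `log` list records which step produced the outcome, which is the record the algorithm sends to log management (T5).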