| | Step 1: Start |
| | Step 2: Define BYOD security process and policies variables |
| | = Security policies |
| | = Detection Polices |
| | = Incident Response |
| | = Security violation Protection policy |
| | = Forensic call policy |
| | Step 3: Technology variables and users |
| | T1 = Technology portfolio |
| | T2 = Monitoring system |
| | T3 = Detection System/Decoy system |
| | T4 = Protection technology |
| | T5 = Log management |
| | T6 = Forensic technology ecosystem |
| | T7 = Threat category |
| | U1=BYOD users |
| | Step 4: action and category variables |
| | violation = V |
| | Risk acceptable level = A |
| | Protection = P |
| | Forensic = F |
| | Step 4: Monitoring of threat |
| | push U1 through T3 and compare P1 |
| | If Result = A |
| | then accept request |
| | stop |
| | else |
| | call Step 5 |
| | Then process U1 in T4 for P2 |
| | send U1 logs to T5 |
| | else |
| | call step 5 |
| | Step 5: Detection and Protection |
| | Push U1 through T3 for P4 |
| | if Result = V |
| | Drop traffic |
| | Else |
| | call step 7 |
| | Step 7: identify threat |
| | If threat category is = known |
| | if verdict/score = A |
| | pass the traffic |
| | else |
| | drop and send Call step 10 for forensic |
| | else |
| | call step 8 for T7 Sandboxing for threat verdicts to |
| | call step 9 |
| | else |
| | call step Sandboxing for threat verdicts |
| | Step 8: Analyze threat category |
| | Analysis of threat type with threat Hash |
| | return T7 = verdict and score of threat category |
| | Step 9: Unknown threat for forensic |
| | If T7 = = A compare to P5 |
| | pass and send T5 |
| | else |
| | send for forensic T6 |
| | Step 10: Forensic ecosystem |
| | if P5=Investigate attack |
| | do analysis |
| | Present |
| | Step 9: Present to Law and enforcement |
| | Step 11: Stop |
