This research methodology has five primary steps: the problem statement, identification of
common APT vectors along with their probable risks, proposition and implementation of security
policies, result analysis based on the devised security policies, and the evaluation and benchmarking of
these policies. The problem statement addresses the first research objective of investigating security
policies for alleviating APT via spear phishing attacks. The hypothesis postulated is that the security
policies formulated in this research will be more efficient in mitigating APT via spear phishing within a
BYOD environment. The identification of common APT vectors with risk quantification conforms to the
second research objective of identifying vulnerabilities and quantifying risks accordingly.