Defensive Cybersecurity Preparedness Assessment Model for Universities
Abstract
With the recent uptake of fiber connectivity, broadband and internet access has become readily available to citizens all over the world. General cybersecurity threats such as malware attacks, social engineering scams and financial fraud have increased. NIST and ISO standards have proposed numerous security models, but the frightening truth about escalating cyber-attacks is that most organizations and businesses, as well as the cybersecurity industry itself, are unprepared. This is because most existing security analysis tools focus mainly on detecting attacks. Despite the steady flow of security updates and patches, this scenario has led to a continued growth of the attack surface in institutions of higher learning, where sensitive student and staff information and valuable assets are at stake. Therefore, the purpose of this study is to develop a web-based model for assessing cybersecurity preparedness in universities. This was achieved through design science methodology and the engineering design process. The model provides an overview of the university’s preparedness level and the appropriate recommendations that need to be considered to remain cyber ready at all times.
Versions
- 2022-07-04 (2)
- 2022-07-04 (1)
License
Copyright (c) 2022 International Journal of Computer (IJC)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.