2808ICT/7623ICT - Grading System Security: Detailed IT Security Plan
VerifiedAdded on 2023/01/03
|11
|2603
|96
Report
AI Summary
This report provides a comprehensive IT security plan for a student grading system, focusing on securing the system from various threats and attacks. It begins with an introduction highlighting the importance of system security and the need for robust measures against hacking, malicious code injections, and exploitation attempts. The scope of the plan covers all staff, faculty, students, and third-party users accessing university information resources. A detailed risk assessment identifies potential threats such as grade modification, unauthorized access, and malware injections, along with corresponding vulnerabilities. The plan outlines security strategies and actions, including user authentication, access control, server security measures (such as continuous auditing and secure storage of security logs), software security, network perimeter security using firewalls and intrusion detection systems, and end-user PC security. The report includes a risk register, security strategies and actions, analysis of residual risks, resource requirements, and maintenance and training protocols. It concludes by emphasizing the importance of regular security maintenance and training to ensure the ongoing protection of the grading system.
GRADING SYSTEM SECURITY
Grading System Security
Name of the Student
Name of the University
Author Note
Grading System Security
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
GRADING SYSTEM SECURITY
Table of Contents
Introduction......................................................................................................................................2
Discussion........................................................................................................................................2
Scope (115)..................................................................................................................................2
Risk Assessment..........................................................................................................................3
User Authentication and Access Control.................................................................................3
Server Security.........................................................................................................................3
Software Security.....................................................................................................................4
Network Perimeter Security....................................................................................................5
End user PC security................................................................................................................6
Risk Register (or implementation plan)...................................................................................6
Security Strategies and Actions...................................................................................................7
Residual Risks.............................................................................................................................7
Resources.....................................................................................................................................7
Maintenance and training............................................................................................................8
Conclusion.......................................................................................................................................8
References........................................................................................................................................9
GRADING SYSTEM SECURITY
Table of Contents
Introduction......................................................................................................................................2
Discussion........................................................................................................................................2
Scope (115)..................................................................................................................................2
Risk Assessment..........................................................................................................................3
User Authentication and Access Control.................................................................................3
Server Security.........................................................................................................................3
Software Security.....................................................................................................................4
Network Perimeter Security....................................................................................................5
End user PC security................................................................................................................6
Risk Register (or implementation plan)...................................................................................6
Security Strategies and Actions...................................................................................................7
Residual Risks.............................................................................................................................7
Resources.....................................................................................................................................7
Maintenance and training............................................................................................................8
Conclusion.......................................................................................................................................8
References........................................................................................................................................9
2
GRADING SYSTEM SECURITY
Introduction
The security of any kind of system should remain secured from any kind of threats and
attacks. This report emphasizes on the security of the student grading system which needs to be
managed as well as built for ensuring the secured deployment of the servers and maintaining its
security against both the automated attacks and simple attacks that can be manually executed.
The protection against the dedicated attacks becomes a little difficult but various steps can be
taken to counter the threats (Sawik, 2013). Various threats which can cause problem to system
are hacking of grade, injections of worms which are malicious codes, attempts of exploitation of
targets etc. It also aims to focus on the plan regarding the implementation, various strategies of
security along with the actions (Jaferian et al., 2014). It also aims to focus on the residual risks
that are related to the system and the ways in which the system should be maintained adhering to
the strict security policy of the organization.
Discussion
Scope (115)
The policy is applicable to all the staffs, faculties, students and the user of the
information regarding the resources of the University which includes the third party agents,
contractors of the university along with the affiliates of the university who can easily access the
information or data of the institution (Boyle & Panko, 2014). It also involves the resources that
were hosted on the campus or the external assessment of the risk along with the security of the
software as well as the server to avoid certain kinds of threats like if any students gets the access
to the grading system in an illegal he/she can easily transform their results without the
knowledge of anyone.
GRADING SYSTEM SECURITY
Introduction
The security of any kind of system should remain secured from any kind of threats and
attacks. This report emphasizes on the security of the student grading system which needs to be
managed as well as built for ensuring the secured deployment of the servers and maintaining its
security against both the automated attacks and simple attacks that can be manually executed.
The protection against the dedicated attacks becomes a little difficult but various steps can be
taken to counter the threats (Sawik, 2013). Various threats which can cause problem to system
are hacking of grade, injections of worms which are malicious codes, attempts of exploitation of
targets etc. It also aims to focus on the plan regarding the implementation, various strategies of
security along with the actions (Jaferian et al., 2014). It also aims to focus on the residual risks
that are related to the system and the ways in which the system should be maintained adhering to
the strict security policy of the organization.
Discussion
Scope (115)
The policy is applicable to all the staffs, faculties, students and the user of the
information regarding the resources of the University which includes the third party agents,
contractors of the university along with the affiliates of the university who can easily access the
information or data of the institution (Boyle & Panko, 2014). It also involves the resources that
were hosted on the campus or the external assessment of the risk along with the security of the
software as well as the server to avoid certain kinds of threats like if any students gets the access
to the grading system in an illegal he/she can easily transform their results without the
knowledge of anyone.
You're viewing a preview
Unlock full access by subscribing today!
3
GRADING SYSTEM SECURITY
Risk Assessment
The various kinds of risks related to the grading system includes the threats, sources of
threats along with the vulnerabilities etc. The risks related are the hacking of the grades or
modification of the grades like the students of the University who might wish for modifying their
results of their own or to see the results of others as well as modify others result (Hänsch &
Benenson, 2014). The concerns of privacy include the internal users of the information of the
university like the students or staffs or the faculties who might have an aim to see or transform
all the results and in case of the external users who might desire to gain unauthorized access to
the sensitive information of the university or else desires to modify the results of the students or
corrupt the personal as well as confidential information. The risks also includes the injection of
malicious code in the form of worms (Angst et al. , 2017). There are scenarios where the
scanning can be automated and the tools can be exploited. The exploit attempts can also be
targeted along with the phishing attempts.
User Authentication and Access Control
Risks Confidentiality Integrity Availability
Hacking of grades Yes Yes Yes
Modification of grade Yes Yes Yes
Unauthorized access
to the system
Yes Yes Yes
Server Security
The security of the server is the process of protecting the information assets which can
always be accessed by server. It is very important for the organization keep its server safe and
GRADING SYSTEM SECURITY
Risk Assessment
The various kinds of risks related to the grading system includes the threats, sources of
threats along with the vulnerabilities etc. The risks related are the hacking of the grades or
modification of the grades like the students of the University who might wish for modifying their
results of their own or to see the results of others as well as modify others result (Hänsch &
Benenson, 2014). The concerns of privacy include the internal users of the information of the
university like the students or staffs or the faculties who might have an aim to see or transform
all the results and in case of the external users who might desire to gain unauthorized access to
the sensitive information of the university or else desires to modify the results of the students or
corrupt the personal as well as confidential information. The risks also includes the injection of
malicious code in the form of worms (Angst et al. , 2017). There are scenarios where the
scanning can be automated and the tools can be exploited. The exploit attempts can also be
targeted along with the phishing attempts.
User Authentication and Access Control
Risks Confidentiality Integrity Availability
Hacking of grades Yes Yes Yes
Modification of grade Yes Yes Yes
Unauthorized access
to the system
Yes Yes Yes
Server Security
The security of the server is the process of protecting the information assets which can
always be accessed by server. It is very important for the organization keep its server safe and
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
GRADING SYSTEM SECURITY
secure as it contains a lot of confidential as well as sensitive information as the organization
consists of a virtual or physical web server which is linked with the internet. The security logs of
any website must be continuously audited and should be stored in a more secure place. The
information regarding the details of the students, staffs and the faculty members, results of the
students, sensitive and confidential information regarding the management of the university and
many more useful information is present in the server (Jackson, 2013). An application server
runs behind and the stored information can be manipulated by modifying information by the
people who have access to it. The system can be accessed by the staffs, faculties, students and
the user of the information regarding the resources of the University which includes the third
party agents, contractors of the university along with the affiliates of the university who can
easily access the information or data of the institution and they can have an authorized access.
The people related to the administration of the university has the administrative access to the
system and the system is controlled in a systematic way (Leake & Pike, 2013). The procedures of
management utilized for the management of its configuration are establishment as well as
consistency maintenance of the performance of the server along with the maintenance of design
and the functional requirements etc. The operating system is Linux which is a highly secured and
is successful in providing high level of security (Mahdi et al., 2016). The process of system
hardening can be utilized which is helpful for minimizing the vulnerabilities of security and
eliminating the risks of security.
Software Security
This is a term used for showcasing the correct functioning of the software under the
malicious attacks. The software should be secured for providing authentication, availability and
integrity. No such critical software is utilized by the organization which remains exposed to the
GRADING SYSTEM SECURITY
secure as it contains a lot of confidential as well as sensitive information as the organization
consists of a virtual or physical web server which is linked with the internet. The security logs of
any website must be continuously audited and should be stored in a more secure place. The
information regarding the details of the students, staffs and the faculty members, results of the
students, sensitive and confidential information regarding the management of the university and
many more useful information is present in the server (Jackson, 2013). An application server
runs behind and the stored information can be manipulated by modifying information by the
people who have access to it. The system can be accessed by the staffs, faculties, students and
the user of the information regarding the resources of the University which includes the third
party agents, contractors of the university along with the affiliates of the university who can
easily access the information or data of the institution and they can have an authorized access.
The people related to the administration of the university has the administrative access to the
system and the system is controlled in a systematic way (Leake & Pike, 2013). The procedures of
management utilized for the management of its configuration are establishment as well as
consistency maintenance of the performance of the server along with the maintenance of design
and the functional requirements etc. The operating system is Linux which is a highly secured and
is successful in providing high level of security (Mahdi et al., 2016). The process of system
hardening can be utilized which is helpful for minimizing the vulnerabilities of security and
eliminating the risks of security.
Software Security
This is a term used for showcasing the correct functioning of the software under the
malicious attacks. The software should be secured for providing authentication, availability and
integrity. No such critical software is utilized by the organization which remains exposed to the
5
GRADING SYSTEM SECURITY
external kind of attacks like the execution of the software on a web server that is externally
visible for handling all the responses to various forms or for handling the dynamic data.
Network Perimeter Security
The network perimeter security or the perimeter defense is a process of defending the
network from all the attacks which works in a systematic manner for providing protection as a
firewall from the external attacks. A firewall is utilized which plays the role of a network
security system which is accountable for controlling and monitoring both the outgoing as well as
the incoming traffic of the network on the basis of the security rules which has been previously
determined where a barrier is established between an untrusted external network and trusted
internal network (Peltier, 2016). Various intrusion detection techniques are utilized like NIDS or
network intrusion detection system and PIDS or perimeter intrusion detection system. The access
policy utilized by the network traffic are the management of the bandwidth of the network as
some of the times all the network traffic are equally created, by the utilization of the different
VLANS so that the user can witness a personalized experience (Ifinedo, 2014). The network
services which are allowed to as well as across the perimeter of the network such as the traffic
are directed in, out and across the networks. The router is a network that links the external
network to the perimeter network.
An inbound firewall is most preferable in this scenario because in case of inbound
firewall, the network is protected from the incoming traffic that is coming from the various
segments of network or internet like the connections that are disallowed, different types of
malware attacks along with the denial of service attacks. The configuration of these sort of
firewalls is network specific, business along with being risk specific (Siponen, Mahmood &
GRADING SYSTEM SECURITY
external kind of attacks like the execution of the software on a web server that is externally
visible for handling all the responses to various forms or for handling the dynamic data.
Network Perimeter Security
The network perimeter security or the perimeter defense is a process of defending the
network from all the attacks which works in a systematic manner for providing protection as a
firewall from the external attacks. A firewall is utilized which plays the role of a network
security system which is accountable for controlling and monitoring both the outgoing as well as
the incoming traffic of the network on the basis of the security rules which has been previously
determined where a barrier is established between an untrusted external network and trusted
internal network (Peltier, 2016). Various intrusion detection techniques are utilized like NIDS or
network intrusion detection system and PIDS or perimeter intrusion detection system. The access
policy utilized by the network traffic are the management of the bandwidth of the network as
some of the times all the network traffic are equally created, by the utilization of the different
VLANS so that the user can witness a personalized experience (Ifinedo, 2014). The network
services which are allowed to as well as across the perimeter of the network such as the traffic
are directed in, out and across the networks. The router is a network that links the external
network to the perimeter network.
An inbound firewall is most preferable in this scenario because in case of inbound
firewall, the network is protected from the incoming traffic that is coming from the various
segments of network or internet like the connections that are disallowed, different types of
malware attacks along with the denial of service attacks. The configuration of these sort of
firewalls is network specific, business along with being risk specific (Siponen, Mahmood &
You're viewing a preview
Unlock full access by subscribing today!
6
GRADING SYSTEM SECURITY
Pahnila, 2014). But in case of the outbound firewall what happens is it provides a protection
against all the outgoing traffic that originates inside the network of an enterprise.
End user PC security
The security of personal computer of the end user is a very important factor regarding the
import of malware or malicious software onto the workstations or the personal computer of the
clients. The configuration involves a mechanism that is very time consuming as well as
demanding in nature for configuring such types of systems. The updation of these systems
should be done on a regular basis. The mechanism of updation involves the updation of the
processes that takes place in such kind of systems that includes the few changes in the program
of computer or the data supporting it which is designed for the improvement of it (Crossler et al.,
2013). The various options in this system are upgraded for higher levels of security. The
antivirus products to be used are Norton antivirus and F-secure antivirus. The various products
that could be utilized are Avira antivirus and Avast antivirus. The various personal firewall
products that could be used are McAfee Livesafe and Kaspersky Internet Security. The
mechanisms that are used currently should be improved for the increasing the security levels of
this types of sytems.
Risk Register (or implementation plan)
Basically risk register is a tool utilized for the documentation of risks and the measures
taken for the management of each and every risk. The hacking or the modification of grades
could be stopped by providing a secured password that will only be known by some of the
members of the university. The internal users who might desire for seeing the results will be
provided a stipulated time and within that the results will be shown (Peltier, 2013). The external
GRADING SYSTEM SECURITY
Pahnila, 2014). But in case of the outbound firewall what happens is it provides a protection
against all the outgoing traffic that originates inside the network of an enterprise.
End user PC security
The security of personal computer of the end user is a very important factor regarding the
import of malware or malicious software onto the workstations or the personal computer of the
clients. The configuration involves a mechanism that is very time consuming as well as
demanding in nature for configuring such types of systems. The updation of these systems
should be done on a regular basis. The mechanism of updation involves the updation of the
processes that takes place in such kind of systems that includes the few changes in the program
of computer or the data supporting it which is designed for the improvement of it (Crossler et al.,
2013). The various options in this system are upgraded for higher levels of security. The
antivirus products to be used are Norton antivirus and F-secure antivirus. The various products
that could be utilized are Avira antivirus and Avast antivirus. The various personal firewall
products that could be used are McAfee Livesafe and Kaspersky Internet Security. The
mechanisms that are used currently should be improved for the increasing the security levels of
this types of sytems.
Risk Register (or implementation plan)
Basically risk register is a tool utilized for the documentation of risks and the measures
taken for the management of each and every risk. The hacking or the modification of grades
could be stopped by providing a secured password that will only be known by some of the
members of the university. The internal users who might desire for seeing the results will be
provided a stipulated time and within that the results will be shown (Peltier, 2013). The external
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
GRADING SYSTEM SECURITY
users will be able to access the system with the usage of the identity card number. By activation
of various antivirus software the malicious codes can be provided.
Security Strategies and Actions
The security strategies and actions that will be taken regarding the grading system are
specified and secured passwords will be provided to the important users so that only they can
have the access to the grading system. The staffs and the students will only have access to see
their results when they are allowed to and they will be monitored while they see the details
regarding their results as well as performances and attendances (Safa, Von Solms & Furnell,
2016). In these ways a security plan can be implemented along with the usage of a secured
operating system.
Selected Treatment Management Operational Technical
Change of passwords Yes Yes
Regular monitoring Yes Yes Yes
Usage of secured OS Yes Yes
Residual Risks
After accessing all of the possible risks regarding the security of the grading system, the
residual risk is the irregular monitoring of the grading system which might lead to the drawback
in the security level of the grading system that is, if the monitoring of the system is not done on a
regular basis then it is impossible to tack the vulnerabilities.
Resources
A software along with satisfying computer programs will required for the implementation
of the recommendations. The hardware part includes a computer, mouse, keyboard and central
processing unit. The human resources include good working conditions, training, development
and maintenance.
GRADING SYSTEM SECURITY
users will be able to access the system with the usage of the identity card number. By activation
of various antivirus software the malicious codes can be provided.
Security Strategies and Actions
The security strategies and actions that will be taken regarding the grading system are
specified and secured passwords will be provided to the important users so that only they can
have the access to the grading system. The staffs and the students will only have access to see
their results when they are allowed to and they will be monitored while they see the details
regarding their results as well as performances and attendances (Safa, Von Solms & Furnell,
2016). In these ways a security plan can be implemented along with the usage of a secured
operating system.
Selected Treatment Management Operational Technical
Change of passwords Yes Yes
Regular monitoring Yes Yes Yes
Usage of secured OS Yes Yes
Residual Risks
After accessing all of the possible risks regarding the security of the grading system, the
residual risk is the irregular monitoring of the grading system which might lead to the drawback
in the security level of the grading system that is, if the monitoring of the system is not done on a
regular basis then it is impossible to tack the vulnerabilities.
Resources
A software along with satisfying computer programs will required for the implementation
of the recommendations. The hardware part includes a computer, mouse, keyboard and central
processing unit. The human resources include good working conditions, training, development
and maintenance.
8
GRADING SYSTEM SECURITY
Maintenance and training
The mechanism of security should be maintained in a proper way on a regular basis by
checking all the functionalities of the system (Leake & Pike, 2013). Proper training should be
provided to the people who will handle this whole grading system and maintain its security like
how the individual should operate the system, handle the system and monitor and maintain its
security.
Conclusion
In the above report, an IT security plan is discussed where scope, assessment of risk,
security of various aspects like server, software have been discussed. The strategies of security
along with the residual risk has also been analyzed (Crossler et al., 2013). The resources required
for the implementation of the security plan and its mechanism has also been mentioned along
with the methods of maintenance and training.
GRADING SYSTEM SECURITY
Maintenance and training
The mechanism of security should be maintained in a proper way on a regular basis by
checking all the functionalities of the system (Leake & Pike, 2013). Proper training should be
provided to the people who will handle this whole grading system and maintain its security like
how the individual should operate the system, handle the system and monitor and maintain its
security.
Conclusion
In the above report, an IT security plan is discussed where scope, assessment of risk,
security of various aspects like server, software have been discussed. The strategies of security
along with the residual risk has also been analyzed (Crossler et al., 2013). The resources required
for the implementation of the security plan and its mechanism has also been mentioned along
with the methods of maintenance and training.
You're viewing a preview
Unlock full access by subscribing today!
9
GRADING SYSTEM SECURITY
References
Angst, C. M., Block, E. S., D'arcy, J., & Kelley, K. (2017). When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare
data breaches. Mis Quarterly, 41(3).
Boyle, R. J., & Panko, R. R. (2014). Corporate computer security. Prentice Hall Press.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013).
Future directions for behavioral information security research. computers & security, 32,
90-101.
Hänsch, N., & Benenson, Z. (2014, September). Specifying IT security awareness. In 2014 25th
International Workshop on Database and Expert Systems Applications (pp. 326-330).
IEEE.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-
79.
Jackson, W. (2013). U.S. Patent Application No. 13/282,827.
Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014).
Heuristics for evaluating IT security management tools. Human–Computer Interaction,
29(4), 311-350.
Leake, E. N., & Pike, G. (2013). U.S. Patent No. 8,510,827. Washington, DC: U.S. Patent and
Trademark Office.
GRADING SYSTEM SECURITY
References
Angst, C. M., Block, E. S., D'arcy, J., & Kelley, K. (2017). When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare
data breaches. Mis Quarterly, 41(3).
Boyle, R. J., & Panko, R. R. (2014). Corporate computer security. Prentice Hall Press.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013).
Future directions for behavioral information security research. computers & security, 32,
90-101.
Hänsch, N., & Benenson, Z. (2014, September). Specifying IT security awareness. In 2014 25th
International Workshop on Database and Expert Systems Applications (pp. 326-330).
IEEE.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-
79.
Jackson, W. (2013). U.S. Patent Application No. 13/282,827.
Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014).
Heuristics for evaluating IT security management tools. Human–Computer Interaction,
29(4), 311-350.
Leake, E. N., & Pike, G. (2013). U.S. Patent No. 8,510,827. Washington, DC: U.S. Patent and
Trademark Office.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
GRADING SYSTEM SECURITY
Mahdi, A. O., Alhabbash, M. I., & Naser, S. S. A. (2016). An intelligent tutoring system for
teaching advanced topics in information security.
Peltier, T. R. (2013). Information security fundamentals. CRC press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model
in organizations. computers & security, 56, 70-82.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security planning.
Decision Support Systems, 55(1), 156-164.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
GRADING SYSTEM SECURITY
Mahdi, A. O., Alhabbash, M. I., & Naser, S. S. A. (2016). An intelligent tutoring system for
teaching advanced topics in information security.
Peltier, T. R. (2013). Information security fundamentals. CRC press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model
in organizations. computers & security, 56, 70-82.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security planning.
Decision Support Systems, 55(1), 156-164.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.