The report emphasizes on the grading system of the students that is planned to be implemented by the Remarkable University. The grading system that is planned by the university ensures that it fit for the purpose of the system and will be capable of providing security from the various threats that may take place. The core components of the student grading system are a front-end web or application server that students, administrative staff and academics staff use and a database for holding the grades of the students.
The report identifies the several types of threats that may arise due to the implementation of the grading system. The measures and strategies that can be adopted in order to prevent these threats have been discussed in the report. The following paragraphs describe the IT assets and identifie the risks to the key assets by considering the various security domains. The report outlines the security strategies and actions and provides recommendations by developing a security implementation plan. The resources that would be required for the implementations of the recommendations provided in the report are also described in the following paragraphs.
Scope:
The Remarkable University is planning to implement a new grading system for the students. The University is required to ensure that this new system will remain prevented from the simple manual and common automated attacks. The system needs to remain protected from several risks that may arise by implementing some appropriate access control. The main components of the new grading system are a front-end web or application server and database for holding the grades of the students.
The university needs to develop the grading system application in a secure manner by ensuring the information transferred through the system is protected and the database is secure from common automated attacks. There are several types of risk issues that may arise due to the implementation of the grading system including unauthorized access, attempts by the students to modify the data, modifications by the external users, attempts to exploit the file or the system and many other risks. The IT assets that can be identified in the system implemented by the university discussed in the following paragraphs.
Risk assessment:
User Authentication and Access Controls:
The unauthorised access is a major risk that may take place with the application of student grading system by Remarkable University. It can be prevented by implementing several IT software or hardware assets.
Authorised login system:
There is a risk of unauthorized access to data and information stored in the system, therefore the university may implement a system or software that would be prevented the system from being accessed by any unauthorized user. The students may try to steal the login password in order to access the system.
Firewalls:
The university may install firewall software in order to prevent access from the unauthorised systems. The external users may attempt to access the system to modify the grades or to access the personal information stored in the system.
Server security:
There is a risk on the server of the system due to the instalment of the grading system for the students in the Remarkable University. The unauthorized users or students may hack the server in order to steal or manipulate the file
Files containing the data:
The major target of the hackers may be the files that contain the personal information and grades of the students. It may be attempted by the students or external users to hack the server in order to access the contents or files of the system to access the data stored in it.
Software security:
The software security is the significant area that needs to be considered by the university while implementation of the system. The external users or students can exploit the software of the system by attacking the system with malicious code in order to erase the data stored in the system.
Data files:
The files or systems containing the data or information may be targeted by exploiting the system through malicious codes.
Network security:
Network security includes the policies or practices that are adopted by the organisation in order to prevent any misuse, unauthorised use, maintain data privacy or prevent modification of the data. The unauthorised users may steal the login passwords that are provided to the staffs of the university to modify the grades or access the data of the system.
Login information:
The login id and password that would be assigned to the staffs to access the data stored in the system or to modify the grades of the students may be stolen by the students with a motive to modify their or others grade.
Password protected files:
The external users may try to password of the files of the system that are protected by private passwords and contains the information of the students or grades.
Risk register:
|
Risks |
Probability |
Reason |
Impact |
Recommendation |
|
Login information theft |
Medium |
The student may try to steal the login information of the system to modify their grades. |
The recorded grades of the students by the authority may get altered. |
The university needs to remain ensured that the login information are not shared with any external user. |
|
Malicious attack |
High |
The external users or students can attack the system through malicious codes with an intention to erase the data. |
The grades and other information of the students stored in the system would be erased. |
The university is required to install proper software to prevent the virus or malicious attacks. |
|
Hacking of the system |
High |
The students may try to hack the system to access the data and change their grades. |
The university would publish incorrect result or grades of the student unknowingly. |
The remarkable university is required to install strong applications or software that would prevent the system from being hacked. |
|
Phishing attacks |
High |
The external or unauthorised users may attempt to access the personal information or data stored in the system. |
The unauthorised users can try to steal or access the data of the system to modify or view the data stored in it. |
The data and information should be stored in a password protected file by the university in order to prevent the data from being accessed by any external user. |
Security strategies and actions:
User Authentication and Access Control:
The university needs to implement proper access control for the system that would ensure that only authorised users could view and modify the data. It is required by the university to provide the staffs of the organisation with private login id and password to allow them to access the data.
Server security:
The server security is the technique to protect the data that is stored on the web server and can be misused by any external user. The remarkable university needs to install firewall application or software in their system to prevent the grades and personal information of the students that are stored in the server from being accessed by any unauthorised user.
Software security:
The security of the software that is used by the organisation for the implementation of the grading system is a significant issue that needs to be considered (Piessens and Verbauwhede 2016). The university should implement the system by using a proper software that could handle the data in a secure manner.
Network security:
The Remarkable University is required to adopt appropriate policies and practices in order to prevent the data from being accessed by any external users. It should ensure that the data is sent to and from the authorised users and is protected from being misused.
Other risks:
There are several other risks that can arise due to the implementation of the new grading system by the university that includes malware attack, data theft, attempts to modify the grades by the students, data misuse by any external user and many other risks that needs to be controlled by the university by implementation of proper policies and practices.
Implementation plan:
|
Planning |
Time required |
Result |
|
Providing private login details to the authorised users. |
2 weeks |
The system will remain prevented from being accessed by unauthorised users. |
|
Instalment of software in each system of the university to prevent from malicious attacks. |
1 week |
The external users would be not able to attack the system through malicious codes. |
|
Instalment of firewall software or application in each system containing the data (Ogbu and Oksiuk 2016). |
1 week |
The files containing the personal data and grades of the students will remain protected from being stolen or modified by external users. |
Residual risks:
There are several practices that may be adopted by the university in order to avoid the risks that may occur due to the implementation of the grading system. However, there are still some residual risks that may or may not take place.
Resources:
Software for prevention of malware attack:
An appropriate software is required to be installed in each system containing the details of the students grades to prevent it from attack of the malicious code by any external user.
Manager for maintaining the data:
The university needs to assign a manager to manage the data and ensure that it is send to the right and authorised person.
Security plan:
The Remarkable University required to make proper policies and planning and implement it in an efficient way in order to the risks that may arise after implementation of the system.
Maintenance and training:
The university needs to maintain the system in a proper way in order to get the efficient result. The file containing the personal details and grades of the students should be password protected in order to prevent it from any external user. The university should use updated software for the implementation of the system. The staffs of the university maintaining the system should be given proper and regular training for maintaining the security of the data.
References:
Ogbu, J.O. and Oksiuk, A., 2016, October. Information protection of data processing center against cyber attacks. In Problems of Infocommunications Science and Technology (PIC S&T), 2016 Third International Scientific-Practical Conference (pp. 132-134). IEEE.
Piessens, F. and Verbauwhede, I., 2016, March. Software security: Vulnerabilities and countermeasures for two attacker models. In Proceedings of the 2016 Conference on Design, Automation & Test in Europe (pp. 990-999). EDA Consortium.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download