Cybersecurity

Contents

Introduction.

Risk Assessment

Asset 1- Student information database.

Asset 2- Webserver:

Asset 3- AI Lab.

Conclusion.

Reference.

Introduction to Common Web Security Vulnerabilities

Technology is a huge part of educational institutes. Cyber advancement leads to cyber vulnerabilities and threats to their assets. There is always a risk of a security breach if those vulnerabilities are not taken care of. The protection of confidentiality, authentication, integrity, energy efficiency and availability of transmissions against malicious attacks is important to make the system safer (Bhushan & Sahoo, 2017). The following risk evaluation investigates vulnerabilities and control measures for three assets, namely the student information database, the webserver and the AI lab. The impact and likelihood determine the level of risk posed by each vulnerability and threat.

Amongst all these vulnerabilities and threats, the top three that pose the highest risk to the cybersecurity of Southern Cross University are:

  1. Lack of proper access control could lead to unauthorised access by a malicious intruder/hacker.
  2. Improper session management and reuse of the same session IDs may give hackers an opportunity to access a user's previous session that was logged in from a public computer. Students often use public computers or networks to log in to the system. After they have logged out, another malicious user may use the same cookies to recover sensitive data and information such as the student profile and credit card details.
  3. A poisoning attack could happen, which disrupts the models and manipulates the outcome by feeding in corrupted sample data.

Risk Assessment

Asset 1- Student Information Database

| Asset | Vulnerability & threat | Impact | Likelihood | Risk | Control (safeguard) |
|---|---|---|---|---|---|
| Student Info DB | Lack of proper access control could lead to unauthorised access by a malicious intruder/hacker | 4 | 3 | 12 (major) | • Proper privilege scheme like RBAC; • Renaming/disabling the default admin user and password; • Creating and implementing a least privilege policy for database users |
| Student Info DB | Accessing a 3rd party API through the institute's credentials exposes the institute and its data | 3 | 4 | 12 (major) | • The right 3rd party API must be integrated with the institute; • Strong firewall protection to avoid leaking of data to the 3rd party; • Malicious web requests must be blocked |
| Student Info DB | An unmanaged database, which is often forgotten, may be lost or stolen and may contain sensitive information | 5 | 2 | 10 (major) | • Archiving and encrypting the database; • Managing the database through cloud deployment; • Ensuring a data backup strategy through backup devices |

Asset 2- Webserver:

| Asset | Vulnerability & threat | Impact | Likelihood | Risk | Control (safeguard) |
|---|---|---|---|---|---|
| Webserver | Improper session management and reuse of the same session IDs may give hackers an opportunity to access a user's previous session that was logged in from a public computer | 5 | 4 | 16 (major) | • The OWASP Application Security Verification Standard must be implemented to define authentication and session management; • Avoiding exposing any credential in the URL or login information |
| Webserver | Attackers may use cross-site scripting (XSS) vulnerabilities to execute malevolent scripts on the users (Maurer, 2015) | 3 | 3 | 9 (moderate) | • Input/output encoding; • Input fields must be whitelisted |
| Webserver | SQL injection, which may allow attackers to alter an SQL statement by changing the user data | 5 | 2 | 10 (major) | • Avoiding displaying detailed error messages that may give information to the attackers; • Input fields must be whitelisted |
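The session-management row above (and the public-computer scenario in the introduction), as an added Python example that is not part of the original assignment: a minimal server-side session store in which logout and idle expiry delete the session on the server, so a cookie left behind in a shared browser cannot be replayed. The class and function names and the 15-minute idle timeout are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value for shared/public computers

class SessionStore:
    """Server-side session table; the cookie carries only a random ID."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session ID -> {"user": ..., "last_seen": ...}
        self._clock = clock

    def login(self, user, presented_id=None):
        # Drop whatever ID the browser already holds and issue a fresh one,
        # so the same session ID is never carried across a login.
        self._sessions.pop(presented_id, None)
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def authenticate(self, sid):
        """Return the user for a live session, or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: forget it server-side
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, sid):
        # Deleting the server-side record is what defeats cookie replay;
        # clearing the cookie in the browser alone would not.
        self._sessions.pop(sid, None)

def cookie_header(sid):
    # The ID travels in a cookie, never in the URL. No Max-Age/Expires,
    # so the browser discards it when it closes.
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def replay_after_logout():
    """Constructed scenario: log in on a public PC, log out, replay cookie."""
    store = SessionStore()
    old = store.login("student1")
    store.logout(old)
    new = store.login("student1")
    return store.authenticate(old), old != new
```
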

Asset 3- AI Lab

| Asset | Vulnerability & threat | Impact | Likelihood | Risk | Control (safeguard) |
|---|---|---|---|---|---|
| AI Lab | A poisoning attack could happen, which disrupts the models and manipulates the outcome by feeding in corrupted sample data | 5 | 3 | 15 (major) | • A computer network intrusion system can be used to detect disruption by crafted sample data; • Training the AI system with poisoned data |
| AI Lab | Adversarial attacks may modify input data to make a machine learning algorithm malfunction and behave in an unexpected manner | 4 | 2 | 8 (moderate) | • A spam filtration algorithm can be useful in preventing such attacks; • Biometric authentication |
| AI Lab | An attacker can bypass image-based authentication by changing some pixels in a way invisible to human eyes | 4 | 2 | 8 (moderate) | • Human decision making must be introduced wherever the threat is unavoidable; • Fingerprint or retinal authentication can be used at sensitive stages |

Conclusion on Common Web Security Vulnerabilities

The above tables recognise and analyse potential vulnerabilities and threats that could affect three assets of Southern Cross University, namely the student database, the webserver and the AI lab. Control measures are also suggested to enhance cybersecurity. It is important to realise the importance of cybersecurity in order to protect students' privacy and other sensitive information.

Reference for Common Web Security Vulnerabilities

10 Most common web security vulnerabilities. (2020). Guru99. Retrieved from https://www.guru99.com/web-security-vulnerabilities.html

5 security risks of Artificial Intelligence- Enabled systems. (2019). The National Academic Press. Retrieved from https://www.nap.edu/read/25488/chapter/6

Bhushan, B., & Sahoo, G. (2017). Recent Advances in Attacks, Technical Challenges, Vulnerabilities and Their Countermeasures in Wireless Sensor Network. Wireless Personal Communications, 98(2), 2037-2077. doi:10.1007/s11277-017-4962-0

Maurer, R. (2015). Top Database Security Threats and How to Mitigate Them. Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
