Cybersecurity Assessment and Vulnerability Modelling of Networks and Web Services in Nigerian Colleges of Education

Nnachi Lofty Amah
Muhammad Ndagie Musa
Abdullahi Jibrin Mohammed
Bayode Olu-Ojo

Abstract

Cybersecurity threats are among the most significant risks facing organizations and governments today, and administrative boards have now been held accountable. This experimental study performs a holistic cybersecurity assessment and vulnerability modelling of the Information and Communication Technology (ICT) infrastructure and services of Colleges of Education in the six geopolitical zones. The study adopts an integrated bi-modal threat modelling and assessment (IBTMA) method that combines assessment and modelling approaches, using mixed methods along with computer-based experimentation to comprehensively evaluate and model cybersecurity threats, identify vulnerabilities, and propose effective mitigation strategies. Logistic regression analysis was used to model the relationship between dependent variables (e.g., presence or absence of vulnerabilities or threats) and independent variables (e.g., cybersecurity practices, system configurations, policies, and staff training programs). This cybersecurity assessment provides the initial understanding of the security landscape and practices. The next step involves using the Microsoft Threat Modeling tool on the assets to identify specific threats. These threats are then prioritized based on their potential impact and likelihood. The assessment result for vulnerability exposure is supported by the threat modelling report, which shows several threats: tampering, elevation of privilege, denial of service, privilege escalation, information disclosure, and spoofing. Findings from the study indicate that colleges face critical network and web vulnerabilities that need a holistic solution.

How to Cite
N. L. Amah, M. N. Musa, A. J. Mohammed, and B. Olu-Ojo, “Cybersecurity Assessment and Vulnerability Modelling of Networks and Web Services in Nigerian Colleges of Education”, AJERD, vol. 7, no. 2, pp. 127-138, Aug. 2024.