Information Security Survey at Higher Educational Institutions

Target group. The survey was distributed to35 different universities from the central, eastern, and western regions of Kingdom of Saudi Arabia.

Survey participants. From information technology department: chief information security officer (CISO), IT security executive director, information security officer, information security manager, IT Security director, network security specialist, application manager, network security administrator, IT dean, application specialist, and associate dean of technical affairs.

WE WRITE PAPERS FOR STUDENTS

Tell us about your assignment and we will find the best writer for your project.

Write My Essay For Me

Target response rate. The obstacles in administrating the survey are included in the following: the long distance which caused difficulties while contacting the participants, also, Participants didn’t cooperate easily, in addition to that, survey was distributed during finals. Several steps were taken to enhance the response rate and overcome those obstacles. Thus, we have got 25 respondents out of the 35. The target response rate exceeded all expectations.

Administering the survey. The survey was established using Microsoft Word. There were 21 questions that can be used to measure overall information security risk. The first 9 questions discussed the information security incidents that these institutions might have. The following 6 questions measured security systems and technologies. The last 6 questions were about security implementations including warning systems, inspection plans, monitoring, and improvement. The survey was administered through the academic research center or IT security department of each university. We distributed the questionnaire attached with instructions of the survey process. Some of the questions included a comment space to provide feedback on the questions if there is any, or perhaps giving an additional option that is not included in the questions.

Security Threats and Vulnerabilities.  The first two questions were very important since they helped specifying the universities’ top security incidents. Figure 1 shows the top five risks that threaten more than 50% of the universities are malware (e.g., viruses, worms, spyware, and Trojan horses), spam, the leakage of sensitive information, account hijacking (phishing, fraud or computer abuse), and unsafe software applications.

1.Which threats and vulnerabilities have most increased your information security risk exposures? [1], [6]

As for the second question, respondents were asked which threats concern them the most in the last ten years are clearly shown and are easy to identify. Figure 2 shows that almost 45% of the universities agreed that information leakage and malware are two threats with the highest risk and infection rate.

2.Which of those cyber threats could be the most three urgent and worst issues the department faced in the last ten years? [2]

After analyzing these two answers, it has been shown that the leakage of confidential information (data breaches) needs more attention in Saudi’s higher educational system. Once information systems have been compromised, internal private documents may fall into the hands of theft or unauthorized individuals which may cause loss or data leakage.

A third of respondents have other security issues like user awareness about information security risks and policies, business continuity (renewal of license for some important applications), managing accessibility for the users, lack of control of PCs, nodes and applications, also, there are no guidelines provided for the employee to improve overall cyber security strength.

Degree of Confidentiality. Institutions were asked what is the degree of confidentiality of the sensitive information produced or handled by the department?Figure 4 shows that37% of the surveyed universities mentioned that confidential information requires more protection against unauthorized or premature disclosure [3]. and 60% of them are working to improve the security measures taken.

Data Leakage Reason. Confidential documents might be leaked because of one or more of the reasons listed to the participants (see figure 5). More than 70% of these institutions agreed on the reasons for the leakage of sensitive information, which are unauthorized access to systems or network using someone else’s ID (identity thefts), also, Employees download, temporarily store and transfer confidential documents to USB drive.

Looking at figure 6, it appears that unauthorized access, malicious software, USB drives using, Power failure, and hardware failure (head crash) Occupy the highest percentage, while fire, files or programs deletion by accident, software failure (freezing), and data corruption (system corruption, or database corruption) come with the lowest percentage.

Instance of Fraud. Fraud (diploma fraud, or computer abuse) is considered an important security issues the educational institutions might have. Only 34% of them are 100% secure and didn’t have any instance of fraud.

Security Systems and Operations. It’s important to examine the technologies being utilized to prevent and protect from cyber-attacks. Security systems would help to manage the processes of security risk identification which can affect the achievement of your department’s objectives. The majority of respondents reported the use of access control, firewall, and anti-malware protection.

More than 80% of respondents reported using network structure, or spam filters. More than 70% reported using application controls, wireless encryption, IPS(IPDS), or IDS configuration. While encryption, biometrics, authentication, and digital signature are less used as a security step in their security operation. One of the most important issues of higher education department in Saudi Arabia is that some of universities databases are not encrypted and some of them are encrypted with weak algorithms.

Desktop and Wireless Protection. The following two graphs discuss the methods being applied to protect either wireless communication and desktop.

Security Implementation Process. This part examines the implementation plan for management and technical measures. Result indicates that IT security systems standards and policies are being implemented by the majority of surveyed institutions.

Warning system. When asked if they have a caution system or program to inspect internet connections, identify intrusion attempts, and discover the vulnerabilities? 72% of respondents had early warning and detection system in place to mitigate the risk and reduce the chance of cyber security incidents. However, the majority of institutions are only able to detect simple security incidents, which means that they have to get a head of cyber-attacks and develop stronger mitigation strategies to protect their systems and data [2].

Monitoring. Monitoring software in the potential high information security risk areas which designed to monitor systems activities and help to recover from frauds and malicious activities.

Inspections. Inspection plans outlining security policies and procedures being used for reporting and responding to the cyber risks.

Improvement. The participants were asked if the department have any improvement methodology in place to determine the effectiveness and enhance the security systems? 44% of respondents indicated that they still need a lot to improve.

Higher education institutions should place more attention on prevention and defense strategies. Being able to detect cyber incidents as early as possible is one important step in mitigating the threats with the highest risk. After being aware of the higher education security system in Saudi Arabia, the next step will be applying the best suitable techniques on cloud database server using cryptographic controls and having some forensic measures.

BEST-ESSAY-WRITERS-ONLINE

Order Original and Plagiarism-free Papers Written from Scratch:

PLACE YOUR ORDER