JASIC Volume 4, Issue 1 (2023)

Contributor(s)

Sabo Muhammed, Muwanga Zake, V.S. Manjula & Auwal Saleh
 

Keywords

Web application vulnerabilities threats risk analysis; higher education institutions
 


Identification and mitigation of the vulnerability of web applications in institutions of higher education

Abstract: The security of information technology, specifically web applications, has become an area of concern today. Cybercrime is now a significant problem that affects more than just businesses and organizations. Higher education institutions have also begun to experience computer threats that expose their information assets. Universities, polytechnics, colleges of education, research centers, and other postsecondary institutions are probably the most vulnerable because they house sensitive data on their faculty, staff, and students, as well as academic records of scientific and technological advancements and research. The first step in an information system security strategy is risk analysis management. It helps in assessing the risk to information assets in order to know their security level or status, and assists in defining security control measures and implementing a technical plan to avoid threats that exploit a vulnerability and could cause severe damage to an asset or the infrastructure of institutions of higher education (IHEs). This article presents some recommendations for performing risk analysis management in IHEs to assess threats and vulnerabilities, which helps to lower the risk to their information assets. It also presents existing threats and vulnerabilities affecting the web applications of educational institutions and proposes a risk management model. Ensuring security is a goal of every organization regardless of its size or purpose. With information technology, an organization may be considered secure when it ensures the confidentiality, integrity, and availability of information and IT assets. Confidentiality may be broken due to theft of sensitive information such as trade secrets or clients' personal information.