Escolar Documentos
Profissional Documentos
Cultura Documentos
Unauthorized access
Hacking/Cracking
Obtaining sensitive information
Altering data & configuration
Enabling academic misconduct incidents
Insider IS misuse/cyber threats
Knowledgeville university
Began using e-learning from 2001-02
2002-03 : 84 courses using e-learning
120 faculty members using 42 courses
There are four basic security requirements to which all real-world(composite) requirements can
be traced:
Secrecy: Users may obtain access only to those objects for which they have received
authorization. They are not granted access to information they must not see.
Integrity:Only authorized users or processes are permitted to modify data (or programs).
Availability:Availability is a requirement that is often neglected when thinking about security.
However, productivity of users decreases dramatically if network-based applications are not
available or too slow because of denial-of-service attacks. If, for example, a web-based elearning system is slow, users do not only require more time to do their work, but they also
become frustrated, increasing the negative effect on productivity.
Non-Repudiation:Users are unable to (plausibly) deny having carried out operations. For
instance, whenever grades of students are changed, it must be possible to reliably trace who has
performed the modification.
Security Risk Analysis
As previously mentioned, a risk analysis needs to be part of each project. It will cover all risks
that are relevant to a project including also non-security risks. Typical non-security risks are
uncertainties concerning the budget or personnel planning. To systematically analyze security
risks, it is essential that a security risk analysis is performed.
Short term:
1. Documentation of all student activities for the next two weeks during
the security assessment.
Contact course tutors, professors, and student assistants to fill missing
gap in data for three week unrecoverable period.
Students involved the courses can also be contacted to construct the
missing three week data.
2. BACK UP TECHNIQUES using PEER to PEER model.
Distribute load to a node
Function of entire system does not stop even if some node breaks
down.