Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone
This project is conducted with the purpose of identifying security risks associated with E-Learning Systems in UUM Learning Zone by using OCTAVE Allegro. To narrow down the scope of the project, Computer Centre staffs from Universiti Utara Malaysia (UUM) are targeted. The information security risks...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | eng eng |
Published: |
2011
|
Subjects: | |
Online Access: | https://etd.uum.edu.my/2879/1/Tan_Wai_Beng.pdf https://etd.uum.edu.my/2879/2/1.Tan_Wai_Beng.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my-uum-etd.2879 |
---|---|
record_format |
uketd_dc |
institution |
Universiti Utara Malaysia |
collection |
UUM ETD |
language |
eng eng |
advisor |
Nordin, Nazib |
topic |
QA76 Computer software |
spellingShingle |
QA76 Computer software Tan, Wai Beng Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone |
description |
This project is conducted with the purpose of identifying security risks associated with E-Learning Systems in UUM Learning Zone by using OCTAVE Allegro. To narrow down the scope of the project, Computer Centre staffs from Universiti Utara Malaysia (UUM) are targeted. The information security risks of E-Learning Systems will be predicted and classified based on OCTAVE Allegro approach by focusing primarily on information assets in the context of how they are used, where they are stored, transported and processed and how they are exposed to threats, vulnerabilities and disruptions as a result. This project will show the OCTAVE Allegro approach which consists of eight steps that are organized into four phases. Detail descriptions of the OCTAVE Allegro methodology applied is also included in the report. The findings of the project such as highlighting the possible security risks are expected to provide UUM’s Computer Centre management an in-depth view on the information security risks in UUM Learning Zone. |
format |
Thesis |
qualification_name |
masters |
qualification_level |
Master's degree |
author |
Tan, Wai Beng |
author_facet |
Tan, Wai Beng |
author_sort |
Tan, Wai Beng |
title |
Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone |
title_short |
Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone |
title_full |
Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone |
title_fullStr |
Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone |
title_full_unstemmed |
Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone |
title_sort |
evaluation of information security risks of e-learning systems: a case study on uum learning zone |
granting_institution |
Universiti Utara Malaysia |
granting_department |
College of Arts and Sciences (CAS) |
publishDate |
2011 |
url |
https://etd.uum.edu.my/2879/1/Tan_Wai_Beng.pdf https://etd.uum.edu.my/2879/2/1.Tan_Wai_Beng.pdf |
_version_ |
1776103611886993408 |
spelling |
my-uum-etd.28792023-03-19T01:13:34Z Evaluation of Information Security Risks of E-Learning Systems: A Case Study on UUM Learning Zone 2011-06 Tan, Wai Beng Nordin, Nazib College of Arts and Sciences (CAS) College of Arts and Sciences QA76 Computer software This project is conducted with the purpose of identifying security risks associated with E-Learning Systems in UUM Learning Zone by using OCTAVE Allegro. To narrow down the scope of the project, Computer Centre staffs from Universiti Utara Malaysia (UUM) are targeted. The information security risks of E-Learning Systems will be predicted and classified based on OCTAVE Allegro approach by focusing primarily on information assets in the context of how they are used, where they are stored, transported and processed and how they are exposed to threats, vulnerabilities and disruptions as a result. This project will show the OCTAVE Allegro approach which consists of eight steps that are organized into four phases. Detail descriptions of the OCTAVE Allegro methodology applied is also included in the report. The findings of the project such as highlighting the possible security risks are expected to provide UUM’s Computer Centre management an in-depth view on the information security risks in UUM Learning Zone. 2011-06 Thesis https://etd.uum.edu.my/2879/ https://etd.uum.edu.my/2879/1/Tan_Wai_Beng.pdf text eng public https://etd.uum.edu.my/2879/2/1.Tan_Wai_Beng.pdf text eng public masters masters Universiti Utara Malaysia Zhang, J., Zhao, L. & Nunamaker, J. F. (2004), “Can e-learning replace classroom learning?”, Communications of the ACM, 47(5): 75-79. [2] Kritzinger, E. & H von Solms, S.H. (2006), “E-learning: Incorporating Information Security Governance”, Issues in Informing Science and Information Technology Institute, Volume 3, 2006, 319-325. [3] Ahmad Jelani Shaari, Azman Ta’a & Muhamad Shahbani Abu Bakar (2004), “Development and Implementation of an LMS : Universiti Utara Malaysia’s Experience”, 1-14. [4] Caralli, R.A., Stevens, J., Young, L.R. & Wilson, W.R. (2007), “Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process”, Software Engineering Institute, Carnegie Mellon Unversity, 2007 [5] Vorster, A. & Labuschagne, L. (2005), “A Framework for Comparing Different Information Security Risk Analysis Methodologies”, Proceedings of SAICSIT 2005, University of Johannesburg, 95-103 [6] Yin, R.K. 1993, “Application of case study research Newbury Park”, Sage Publications. [7] Kwok, L. & Longley, D. (1997), “Code of practice: A standard for information security management”, In Proceedings of IFIP TCII, 13th International Conference on Information Security. [8] Von Solms, S. H. & Eloff, J. H. P. (2004), “Information Security”, Johannesburg, South-Africa. [9] Von Solms, S. H. (2001a), “Information security – A multidimensional discipline”, Computer & Security, 20(6): 504-508. [10]Alberts, C., Dorofee, A., Stevens, J. & Woody, C. (2004) “OCTAVE-S Implementation Guide, Version 1”, Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. [11]Woody, C. (2006), “Applying OCTAVE: Practitioners Report”. Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. [12]Mason, R. and Rennie. F. (2006), “E-learning: the key concepts”, Routlege, Abingdon Great Britain. [13]Eklund, J., Kay, M. and Lynch, H.M. (2003), “E-learning: emerging issues and keytrends: A discussion paper”, Australian National Training Authority, Australia. [14]Conole, G., Smith, J. and White, S. (2007), “A critique of the impact of policy and funding”, in Conole, G. and Oliver, M. (eds). Contemporary perspectives in E-learning Research themes, methods and impact on practice”, Routledge, London, New York, pp. 38-54 [15]Dietinger, T. (2003), “Aspects of E-Learning Environments (unpublished Doctor of Technical Sciences thesis)”, Institute for Information Processing and Computer Supported New Media (IICM), Graz University of Technology, Austria. [16]Morrison, D. (2003), “E-learning strategies”, Wiley Chichester. [17]Allen, E. and Seaman, J. (2007), “Online Nation Five Years of Growth in Online Learning”, I. Sloan Consortium, United States. [18]Jain, K. K. and Ngoh, L. B. (2003), “Motivating Factors in e-learning - Case Study of UNITAR, Student Affairs Online”, [Online], vol. 4, no. 1, pp. 21, June, 2008 available at: http://www.studentaffairs.com/ejournal/Winter_2003/e-learning.html [19]A. Aziz, S.H., M.Yunus, A.S., A. Bakar, K. and B. Meseran, H. (2006), “Design and development of learning management system at Universiti Putra Malaysia : A case study of e-SPRINT. I”, WWW 06: Proceedings of the 15th international Conference on World Wide Web, May 23-26, 2006, Edinburgh, Scotland, ACM, New York, pp.979-980 [20]Raitman, R., Ngo, L. and Augar, N. (2005), “Security in the Online E-Learning environment”, Advanced Learning Technologies, 2005. ICALTv2005. Fifth IEEE International Conference on Advanced Learning technologies, pp. 702-706. [21]Rosenberg, M.J. (2001), “E-learning strategies for delivering knowledge in digital age”, McGraw-Hill, New York. [22]Graf, F. (2002), “Providing security for elearning”, Computers & Graphics, vol. 26, no. 2, pp.355-365. [23]Norman, S. and Da Costa, M. (2003), “Overview of e-learning Specifications and Standards”, Open Learning Agency, and Eduspecs Technical Liaison Office. [24]Furnell, S.M. and Karweni, T. (2001), “Security issues in Online Distance Learning”, VINE: The Journal of Information and Knowledge Management Systems, vol.31, no.2. [25]Yang, C., Lin, F.O. and Lin, H. (2002), “policy-based Privacy and Security Management for Collaborative E-education Systems”, Proceedings of the 5th IASTED International Multi-Conference Computers and Advanced Technology in Education (CATE 2002), pp. 501-505. [26]Saxena, R. (2004), “Security and online content management: balancing access and security”, Breaking boundaries: integration and interoperability, 12th Biennial VALA Conference and Exhibition Victorian Association for Library Automation. [27]Yong, J. (2007), “Digital Identity Design and Privacy Preservation for e-Learning”, Proceeding of the 2007 11th International Conference on Computer Supported Cooperative Work in Design, pp.858-863. [28]Treek, D. (2003), “An integral framework for information systems security management”, Computer & Security, vol.22, no. 4, pp.337-360. [29]Abrams, M.D., Jajodia, S. and Podell, H.J. (1995), “Information Security: An Integrated Collection of Essays”, in IEEE Computer Society Press, Los Alamitos, CA, USA, pp.98-99. [30]Whitson, G.(2003), “Computer security: theory, process and management”, J. Comput. Small Coll, vol.18, no. 6, pp. 57-66. [31]Bornjman, M.G., and Labuschagne L.(2006), “ A Comparative Framework for Evaluating Information Security Risk Management Methods”, Standard Bank Academy for Information technology, Rand Afrikaans University, South Africa. [32]Martin, J (2003), “Information Systems Security Training Virus and Worms”, InfoSec Professionals, 2003. [33]Bornman, G. and Labuschagne, L. (2004), “A Comparative framework for evaluating information security risk management methods”, In proceedings of the Information Security South Africa Conference, 2004. [34]Alberts, C. and Dorofee, A. (2002), “Managing information security risks, The OCTAVE approach”, Addison Wesley, 2002. [35]Fredriksen, R., Kristiansen, M., Gran, B., and Stolen, K. (2001), “The CORAS framework for a model-based risk management process”, 2001. [36]Karabacak, B. and Sogukpinar, I. (2005), “ISRAM: Information security risk analysis method”, Computer & Security, vol.24, no. 2, pp.147-159. [37]INTERNATIONAL SECURITY TECHNOLOGY Inc (IST Inc). 2000, “Managing risks using CORA”, PowerPoint presentation. [38] Najwa Hayaati Mohd Alwi and Ip-Shing, F. (2010), “E-Learning and Information Security Management”, Infonomics Society, 2010. [39]Raitman, R., Ngo, L., Augar, N. and Zhou, WL., (2005), “Security in the Online E-learning Environment”, Proceedings of the Fifth IEEE International Conference on Advanced Learning Technologies (ICALT ’05), 2005. [40]Patomviriyavong, S., Samphanwattanachai, B. and Suwannoi, T., (2006), “eLearning Operational Risk Assessment and Management: A Case Study of the M.Sc. in management Program”, Third International Conference on eLearning for Knowledge-Based Society, August 3-4, 2006, Bangkok, Thailand. |