S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments.

Slides:

Advertisements

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Advertisements

The Conceptual Framework of mLearning Security for University in Thailand Sarawut Ramjan Department of e-Commerce Management North-Chiang Mai university.

Mobile Security Guide Matt Scofield, Eric Samson, Cong Le.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

A Comprehensive Study for RFID Malwares on Mobile Devices TBD.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

Security Issues and Challenges in Cloud Computing

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Consideration for Information Security Issues in Geospatial Information Services of Local Governments Makoto Hanashima Institute for Areal Studies, Foundation.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

Risk Management.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Network security policy: best practices

5205 – IT Service Delivery and Support

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Incident Response Updated 03/20/2015

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Difficulties of E-Learning in Cloud Computing

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

INFO 355Week #61 Systems Analysis II Essentials of design INFO 355 Glenn Booker.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

SEC835 Database and Web application security Information Security Architecture.

SECURITY IN CLOUD COMPUTING By Bina Bhaskar Anand Mukundan.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

1 Prepared By Baderdeen J Alsaba Baderdeen J Alsaba Supervised By Dr. Sana’a Wafa Al-Sayegh University of Palestine College of Information Technology Security.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Data Security Assessment and Prevention AD660 – Databases, Security, and Web Technologies Marcus Goncalves Spring 2013.

Presented by: Sanketh Beerabbi University of Central Florida.

Barriers to M-learning in Higher Education Institutions in Nigeria S. A. Shonola & M. S. Joy.

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

Module 6: Designing Security for Network Hosts

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

SECURITY IN CLOUD COMPUTING By Bina Bhaskar Anand Mukundan.

Topic 5: Basic Security.

Introduction to Information Security

Security fundamentals Topic 10 Securing the network perimeter.

P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.

Computer Security By Duncan Hall.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

Role Of Network IDS in Network Perimeter Defense.

Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 6 - Essentials of Design an the Design Activities.

Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

The term m-learning ("mobile learning"), has different meanings for different communities, covering a range of use scenarios including e- learning,

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Successfully Implementing The Information System Systems Analysis and Design Kendall and Kendall Fifth Edition.

Critical Security Controls

Secure Software Confidentiality Integrity Data Security Authentication

Electronic voting – safe or not?

Security in Networking

CYB 110 Competitive Success/snaptutorial.com

CYB 110 Education Begins / Snaptutorial.com. CYB 110 All Assignments For more classes visit CYB 110 Week 1 Individual Protecting.

CYB 110 Education Begins / tutorialrank.com. CYB 110 All Assignments For more course tutorials visit CYB 110 Week 1 Individual Protecting.

CYB 110 Teaching Effectively-- snaptutorial.com

I have many checklists: how do I get started with cyber security?

ISMS Information Security Management System

Home Internet Vulnerabilities

IBM GTS Storage Security and Compliance overview.

Presentation transcript:

S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments

Outline Introduction Research Purpose M-learning Security M-learning security Framework M-learning security Sub-framework Evaluation & Results Conclusion Security Framework for Mobile Learning Environments

Mobile Learning Introduction Non availability of mobile learning security framework Security threats to mobile learning systems A subset of e-learning Group discussion among learners Access to learning content & materials Shortens learning curves and improves students’ performance Advantages Concerns

Research Purposes Mobile devices used in m-learning are vulnerable to security flaws The use of m-learning has introduced new threats to the learning environment There is need for security design at development stage Identification of vulnerable points in m-learning environments is important A proposed security framework for m-learning based on CIA dimension Application of the framework at three sub-levels Security Framework for Mobile Learning Environments

M-learning Security Are stakeholders security conscious? Do m-learning advocates / developers take security seriously when developing m-learning apps? Is any security framework used in m- learning environment? Is there any security measure to check threats from free WI-FI when learners are accessing m-learning systems on the move?

M-learning Security Sharp increase in mobile malware Image obtained from Indiatechonline.com The number of security issues on mobile device has increased exponentially over the years and continued to do so. The high number of malware growth further buttress the need to have sound and reliable security framework for mobile learning.

Proposed M-learning Security Framework M-learning Architecture and Requirements Architecture Requirements Three layers design:  Mobile device (client) for m-learning  M-learning servers (app, web & database)  M-learning network infrastructure Triad CIA security dimension:  Confidentiality  Integrity  Availability

M-learning Architecture and Requirements contd. Conceptual framework Identifying and safeguarding vulnerable points in the client, server and network infrastructure of an m-learning system which are prone to attacks is the basis of the framework. The framework security policy is based on CIA triad dimension in accordance with ISO/IEC27001 and ISO/IEC17799:2005 standards. Threats and attacks can penetrate the m-learning environment through the mobile device, the server or the network equipment as they are indicated to be the vulnerability points. A threat can spread from one vulnerability point to another and penetrate all other mobile learning systems as the devices are connected to one another. In m-learning context, the database server may be a major target since all students’ personal information, assessment, grades and feedback are centrally stored in it while the mobile device may be a target if the purpose is to have unauthorised access to learning content stored in it. The mobile learning framework can detect any threat and deter any attack before penetrating the system.

Proposed M-learning Security Framework The proposed m-learning framework is a generic one having three sections: the threats and attacks, m-learning environments and possible solutions. The m-learning environment is subdivided into CIA triad security requirements and vulnerability points in order to determine threats and attacks that are peculiar to each vulnerable point.

Mobile Client Sub-framework This is a mobile device sub-framework designed to detect, prevent and give a solution to any attack or threat to mobile devices. The mobile client comprise of the threat, vulnerability points, security requirements and possible solutions. If a mobile device is lost or stolen, the CIA requirement affected is the availability as the device cannot be available for legitimate use. Regular online data backup can make another copy of data available for immediate use. The location of the mobile device can be tracked and found. Remote wipe can be used clear confidential data if the mobile is lost

Server Sub-framework The server sub-framework is developed to protect the m-learning host systems from various threats and attacks. For example, malware and malicious programs (targets poorly designed server) can affect availability, integrity and confidentiality. Putting in place the triad CIA requirements through regular patch updates and installing antivirus/malware can deter threats and attack.

Network Sub-framework This is a network infrastructure sub-framework detailing possible threats and attacks, CIA requirements and possible solutions to them. Aside from a physical attack that affects availability and can be prevented with adequate physical security policy, unscheduled down time/ disruption is a major network infrastructure threat.

Evaluation & Result Security Framework for Mobile Learning Environments The framework and the sub-frameworks were examined and evaluated during a study on mobile learning security in four universities in Nigeria. The feedback from the study shows that 9 out of ten participants agreed that security issues around confidentiality, integrity and availability are major concerns in implementing and deploying mobile learning successfully in Higher Education Institutions The result from the study further shows that mobile device client is the most common vulnerable point that is prone to attack.

Based on the result, efforts on m-learning security framework should be directed to having extremely secured mobile client devices. Conclusion