Scenario: Student Grading System Security

Remarkable University is implementing a new student grading system. The system needs to be developed and implemented to ensure that it is both fit for purpose and secure from identified threats.

The student grading system's core components include:

• a front-end web/application server which is used by students, academics and administrative staff
• a database which holds students' grades

The system will need to be built and managed to ensure that the servers are deployed securely and remain secured against common automated and simple manual attacks. Dedicated, targeted attacks are difficult to protect against; however, simple measures can be taken to protect against most automated attacks.

Identified threats against the system include:

• Grade hacking/modification, e.g. students who may wish to modify their own results or view or modify the results of others
• Privacy concerns, e.g.:
    • internal users such as staff or students who may wish to view or modify results; and
    • external users who may wish to gain access to or modify results or other personal information
• Malicious code such as worms
• Automated scanning and exploit tools
• Targeted exploit attempts
• Phishing attempts

The grading system application needs to remain secured, use appropriate access controls, enforce least privilege, and ensure that information flowing to and from the system is protected. The application needs to be developed in a secure manner and be protected against common attacks, and the database needs to be protected against common automated attacks and use appropriate access controls.

All components of the system, and in particular the application and database, need to have appropriate access controls in place to ensure that only authorized users can access and update the system, and that access is tied to the role of each user. All access to the system should be logged, regardless of whether the...