In an era where academic institutions increasingly rely on information technology, the security of academic networks has emerged as a paramount concern. This comprehensive study delves into the effectiveness of security practices, including network mapping, vulnerability scanning, and penetration testing, within academic networks. Leveraging data from surveys administered to faculty, staff, IT professionals, and IT students in the university, the study assesses their familiarity with these practices, perceived effectiveness, and frequency of implementation.
The findings reveal that a significant portion of respondents exhibit a strong understanding of network mapping, vulnerability scanning, and penetration testing, highlighting the presence of knowledgeable professionals within academic institutions. Additionally, active scanning using network scanning tools and automated vulnerability scanning tools emerge as highly effective method.
However, concerns arise as the respondents show that the academic institutions conduct these practices rarely or never. Notably, many respondents have reported significant vulnerabilities or security incidents through these security measures within their institution.
Key Words: Network Security, Academic Networks, Vulnerability Scanning, Penetration Testing, Information
Security
Introduction
Information security, often referred to as INFOSEC, plays a vital role in safeguarding computer systems and data, especially in educational institutions like universities. INFOSEC aims to protect data from unauthorized access, disclosure, modification, disruption, or destruction.
Ethical hackers or penetration testers assess vulnerabilities with explicit consent from management, aiming to improve security. This sets them apart from attackers who exploit vulnerabilities without authorization( Adu-Boahene, 2021). Read the full article here.
Information security assessments, including penetration testing, are essential for maintaining data safety. Penetration testing involves authorized professionals simulating real-world attacks to assess the security of a computer system.