This study explores the realm of academic cybersecurity, focusing on the development of a comprehensive framework for network penetration testing tailored specifically to the academic environment. Cybersecurity in academia is of paramount importance, given the wealth of sensitive data and intellectual property stored within academic institutions. The objective of this research is to integrate technical assessments, user education, and policy recommendations into a holistic framework that addresses the unique challenges faced by academic networks.
Respondents emphasized the importance of a comprehensive framework, with a focus on identifying and mitigating vulnerabilities (92.7%) and enhancing overall network security and data protection (82.9%). The proactive approach to threat identification (85.4%) and user education (85.4%) was also highly regarded.
Regarding technical assessments, vulnerability scanning (80.5%) and penetration testing (75.6%) were considered highly effective methods. Respondents largely recommended quarterly assessments (73.2%) to maintain a proactive security posture. User education was deemed extremely important (70.7%), with training workshops or seminars (87.8%) emerging as the preferred method to promote cybersecurity awareness. Additionally, there was recognition of the significance of data protection and encryption (97.6%), access control and user privileges (87.8%), and security awareness training requirements (80.5%) in cybersecurity policies tailored to academia.
Keywords: Network Penetration Testing, Cybersecurity Framework, User Education, Vulnerability Scanning
Introduction
Cybersecurity is a comprehensive term encompassing protective measures designed to safeguard computer systems and networks against unauthorized access, thereby ensuring the preservation and integrity of the stored information (Aloul, 2012). It entails a range of technical interventions aimed at shielding data, identity information, and hardware from unauthorized access or potential harm, extending to the protection of digital assets in cyberspace.
Furthermore, Seemma, Nandhini, and Sowmiya (2018) shed light on cybersecurity by noting that it encompasses techniques documented in published materials, all aimed at fortifying the cyber environment for both individuals and organizations. These techniques form a comprehensive set used to ensure the integrity of networks, software applications, and data, thereby preventing any unauthorized access attempts. Read the full article here
To provide a more precise definition, Craigen, Diakun-Thibault, and Purse (2014) articulate it as follows: ‘Cybersecurity constitutes the systematic organization and deployment of resources, processes, and structures, all orchestrated to safeguard specific assets in cyberspace and systems enabled by cyberspace from any incidents that deviate from the legally prescribed property rights’.