Professional Documents
Culture Documents
INTERVENTION EDOJA
DECEMBER, 2020
CYBER SECURITY MANAGEMENT SYSTEM: A CASE STUDY OF DELTA
STATE UNIVERSITY, ABRAKA
INTERVENTION EDOJA
FOS/16/17/240119
DECEMBER, 2020
ii
CERTIFICATION
BY
INTERVENTION EDOJA
This is to certify that this project was carried out by Edoja Intervention under the
___________________ ____________________
Prof. Anthony Imiavan Date
(Project Supervisor)
__________________ ____________________
Dr. (Mrs.) M. Akazue Date
(Head of Department)
iii
DEDICATION
This work is dedicated to God Almighty, the author and finisher of my faith, Amen.
iv
ACKNOWLEDGEMENTS
This research may not have been completed without the grace of God, my gratitude goes
to God, whom through him everything was made possible for this great task to come to
pass, I thank him for his protection, preservation, provision and intellectual horizon to
Creating time out of his busy schedule to put me through on this work and to perform
My appreciation goes to my father Lt RT. RVE (Dr) Phillip Edoja and my mother REV
Mrs. Shine Elo for their encouragement and financial provisions and prayers also to my
siblings
My appreciation goes to my friend: Victor Eyibera for his advice and support through this
race.
v
TABLE OF CONTENTS
COVER PAGE i
TITLE PAGE ii
CERTIFICATION iii
DEDICATION iv
ACKNOWLEDGEMENTS v
TABLE CONTENTS vi
ABSTRACT xii
vi
2.5 Cyber Security Risk Management Framework 19
3.2.1 Methodology 32
vii
4.3.2 Navigational Structure Design 47
5.1 Summary 55
5.2 Conclusion 55
5.3 Recommendations 56
REFERENCES
viii
ABSTRACT
This study developed a cyber security management system using Delta State University,
Abraka as case study. Cyber security management, in recent years, has become a serious
problem for organizations to deal with, especially financial institutions and individuals.
With the advancement of the Internet, the ability to implement underhanded and deviant
practices has become prevalent. This research work provides an overview of the literature
that discusses the cyber-crimes and provides users with the ammunition to prevent them
from becoming victims. Furthermore, this research work described the software
development methodology used. And also, the functional and non-functional
requirements of the system were explained in detail and the use cases diagram was to
define the interactions between a role and a system. The use case diagrams show detailed
data modeling of the system which was translated into code. In addition, this research
work discussed the system design and implementation of the cyber security management
system. The application was design and implemented, in order to create a modifiable
application, suitable as a model for other similar systems.
ix
CHAPTER ONE
INTRODUCTION
We are in the age of a new revolution that witnesses the birth of a new culture. Internet is
the most important element of this culture. As an opportunity, space and medium, the
internet has redefined social and political frontiers in politics, economics, sociology and
anthropology in addition to digital and virtual frontiers on a local and universal level. The
field of law, which sets the rules for enabling common life experiences, has to broaden
the
scope of rights and responsibilities, crime and punishment in the face of these
developments where new changes are added to the list every day. At this point, a new
terminology of security and crime was developed, which is defined by names such as
become one of the most controversial topics in public and private platforms (Watson and
Watson, 2017).
Cyber is used to describe concepts or entities that involve or contain computer and
computer networks and cyberspace is used to describe the abstract or concrete area in
which interconnected hardware, software, systems and people interact and/or interact
(Limburg,
2015).
Cyber security term is also used with interchangeably information security term and goes
beyond the boundaries of traditional information security to include not only the
1
protection of information resources, but also that of other assets, including the person
him/herself (Sols and Niekerk, 2013). Cyber security is the secrecy, integrity and
accessibility of the information used in all these cyber elements (Goodrich and Tamassia,
2018).
and the information contained in these systems are defended and protected against any
criminal, attack or destruction. Cyber security can also be seen as the sum of tools,
courses, best practices, security and technologies that can be used to protect the assets of
Cyber security can be defined as security provided by cyberspace. Cyber space is a non-
physical field in which all systems of information and information that are spread all over
the world and into the world are involved, and the systems of information systems that
are interdependent and interacted with each other by people are connected with each
other or with people (Bıçakçı, 2014; Göçoğlu, 2018). Moreover, cyberspace is now
considered the fifth domain of warfare after land, sea, air, and space (Economist, 2013).
illegal system for the transmission of data, performed all kinds of unethical or
addressed in the direction of risk of threat. The most important threat is the cyber-attacks.
2
2018). In cyberspace societies need individuals who need to take place in both countries
in terms of very vital information, cyberspace for malicious individuals, institutions and
has become a clear target for the state. The unauthorized access of malicious people to
and countries and these persons may destroy, change and disclose this information
The cyber criminals use specific application from a distance that allows their access to
other systems. The applications used by cyber criminals are referred to as malware
(malicious software). The malicious software includes viruses, worms, spyware, and
However, there are developing scenario of the evolution of new type of war - the internet
cybercrime - which will cause destruction of greater magnitude than the two past world
wars- if not properly nipped in the bud. It has been established that Nigeria is an
impressionable country. The advent of the internet to her was both welcome and full of
and the negative impact on the socio-economy of the country is highly disturbing. Over
the past twenty years, immoral cyberspace users have continued to use the internet to
commit crimes; this has evoked mixed feelings of admiration and fear in the general
populace along with a growing unease about the state of cyber and personal security. This
phenomenon has seen sophisticated and extraordinary increase recently and has called for
quick response in providing laws that would protect the cyber space and its users.
3
The first recorded cyber murder was committed in the United States seven years ago.
According to the Indian Express, January 2002, an underworld don in a hospital was to
undergo a minor surgery. His rival went ahead to hire a computer expert who altered his
prescriptions through hacking the hospital’s computer system. He was administered the
altered prescription by an innocent nurse, this resulted in the death of the patient (Mohsin,
2016).
Statistically, all over the world, there has been a form of cyber-crime committed every
day since 2006 (Schaeffer, 2019). Prior to the year 2001, the phenomenon of cyber-crime
was not globally associated with Nigeria. This resonates with the fact that in Nigeria we
came into realization of the full potential of the internet right about that time. Since then,
especially financial scams, facilitated through the use of the Internet (Roseline and
Moses-Òkè, 2012).
Nigerian cyber criminals are daily devising new ways of perpetrating this form of crime
and the existing methods of tracking these criminals are no longer suitable for to deal
with their new tricks. The victims as well show increasing naivety and gullibility at the
prospects incited by these fraudsters (Thompson, 2013). Since the issue of cyber security
is raising a number of questions in the minds of Nigerians, it is only fair that we answer
these questions.
Cyber risk assessment is the step used by many organizations to find out how exposed the
systems to cyber-attack are. The typical cyber security risk assessment step is identifying
the various organizations' assets that can be affected which include systems, database,
4
and other hardware containing essential data. After identifying the potential risks, the
next step is the selection of control systems to prevent the attack (Cyber Security
However, there are fundamentals of becoming cyber secure. These fundamentals include
is technology, and it involves competence and support process. Integration of the three
Technology is the primary element in achieving the most effective cyber security. Cyber
security programs include the use of anti-virus programs, anti-spyware and data
encryption. According to the cyber essentials, the business organizations should not only
recognize the cost of software to protect their database from malware but also consider
Therefore, cyber security is a broad issue that encompasses individuals, institutions and
states at national and international levels. In particular, the individual use of this study is
also considered as a very important element and problem area since the other two uses
are also determinants. This research work seeks to give an overview of cyber-crime and
5
The internet has simplified business processes such as sorting, summarizing, coding,
spamming, credit card frauds, ATM frauds, phishing, identity theft and a blossoming
haven for cybercriminal miscreants to perpetrate their insidious acts (Olumide and
Olumide, 2010).
With the new technology development in many areas, threats have come up concerning
there are new offenses, such as hacking databases and taking down websites or networks.
On the other hands, there are traditional forms of crime in which IT plays an increasingly
important role in its realization. Examples are internet fraud and cyberstalking.
Cybersecurity is a critical issue for many organizations and there are different threats
associated with their systems, data, and networks. These threats include cybercrime,
cyber war, and cyber terror (Cyber Security Products and Services, 2016). Cyber security
being a major problem, in many nations around the globe, research needs to be done
The main aim of this study is to developed a cyber security management system: A case
i. To investigate the possible measures that can be put in place to maintain the
6
ii. To investigate the measure put in place by most organizations around the globe to
iii. To investigate the control programs used by different organizations and businesses
iv. To design and implement a web-based system that will be a flexible tool which
v. To design a system that will help the university administration reduce the
The significance of this study is to help understand the current trends in IT/cybercrime,
develop effective solutions and improve database and enhance effectiveness, efficiency,
and security of the system. It is also intended that the study will help in the development
The findings of this project will help people reduce the vulnerability of their Information
The findings of this project will be implemented by many organizations to ensure that
The findings will be given as feedbacks to all organizations and institutions for them to
7
This study covers cyber security management in Delta State University Abraka, Delta
university administration to always get the new suggestion to cyber security management
Due to the scope of this project work as mention above, this project work is limited to
cyber security management system: A case study of Delta State University, Abraka. This
application cannot process the penalties for anybody found being grieved or the
punishment for any staff or student found being at fault of any complaints. Other
i. The application was developed to send a notification to only the recipient email
ii. It does not provide the means of live communication between the complaint
systems and the information contained in these systems are defended and protected
Cyber-crime: Is the processing or holding an illegal system for the transmission of data,
8
Cyberspace: Is the abstract or concrete area in which interconnected hardware, software,
CHAPTER TWO
LITERATURE REVIEW
Cyber security management, in recent years, has become a serious problem for
organizations to deal with, especially financial institutions and individuals. With the
advancement of the Internet, the ability to implement underhanded and deviant practices
has become prevalent. This chapter provides an overview of the literature that discusses
the subject matter and provides users with the ammunition to prevent them from
becoming victims.
The terms, cyber security and information security are frequently used interchangeably
without much distinction (Solms and Niekerk, 2013). However, these are not entirely
analogous concepts. It is of importance to look into ideas underlying the two concepts in
order to fathom the views formed around them. Information security is “the protection of
information resources against unauthorized access” (Raggad, 2010). It means that only
authorized people or ICTs should have access to information resources, such as data,
9
management aspect because decisions on the authorization should be dependent upon
business objectives. When certain people are considered necessary for attaining a
As one of the most important international standards, ISO/IEC 27000 (2016) defines
goals. It can be explained that only authorized persons should gain access (availability) to
some other researchers (Raggad, 2010; Whitman & Mattord, 2011) who argue that more
changing nature of ICTs. Whereas Whitman and Mattord (2011) suggested that accuracy
and authenticity were two other critical characteristics of information which the value of
information comes from, Raggad (2010) contended that authentication and non-
repudiation need to be added to the ‘CIA Triad’, constituting ‘the Security Star’.
Authentication implies that the identity of human or system is verified before access
10
fulfilment of accepted obligations. Non-repudiation is based on the logic that the message
sender cannot later deny that he or she sent the message. These five elements are
interpreted as security goals that lead to the achievement of business goals (Raggad,
2010).
networks, and information from cyber-attacks or cyber threats that occur in the
cyberspace or network. This definition emphasized protection from attacks and threats.
The International Telecommunication Union (ITU) (2011) defined cyber security as the
management approaches, actions, training, best practices, assurance and technologies that
can be used to protect the cyber environment and organization and user’s assets.
This definition highlights elements of cyber security and a range of subjects which need
to be protected. One commonality between information security and cyber security is that
the two concepts both aim to maintain the security properties of confidentiality, integrity
and availability (ITU, 2011; Jung, 2011). However, the ITU’s definition contains a broad
Due to these traits cyber security faces various extensive issues, such as jurisdictional
uncertainty, global threats and attribution difficulties. There is another difference in terms
of asset protection. In cyber security, both human and non-human entities are considered
assets which should be protected. Solms and Niekerk (2013) argue that cyber security
protects various assets such as humans and society as well as their information resources,
while information security aims to secure information-based assets only. This argument
11
represents that cyber security considers impacts of information technologies on humans
regarding cyber threats which are not dealt with by information security. This indicates
intelligence services ((ITU, 2011). Among them, sources that attempt to target SMEs are
employees, cybercriminals and organized crime groups. These sources engage in their
Cyber security threats can be divided into two types depending on origins of threats: (1)
internal threats and (2) external threats. Previous research on cyber security did not pay
much attention to insider threats compared to external threats (Jang-Jaccard & Nepal,
employees who have authorised access rights. This type of threat is based on the
assumption that humans are the weakest link in cyber security management (Guo, Yuan,
Archer, & Connelly, 2011; Ifinedo, 2014; Warkentin & Willison, 2009). Employees have
12
pecuniary motives or antagonism of corporate values. Misuse behaviour includes pure
in that insiders take advantage of their access privileges already acquired for legitimate
uses (Jang-Jaccard & Nepal, 2014). These are a form of deviant behaviour in the
Theories, such as general deterrence theory, social bond theory, and social learning
Secondly, external threats are posed by an entity outside the security perimeter. Outside
attackers refer to all groups of cyber attackers after excluding insiders. Gehem, Usanov,
Frinking and Rademaker (2015) noted that most cyber-attacks derive from outside the
organisation. IBM (2014) reported that in 2013 over half (56%) of attacks came from
outsiders and less than a fifth (17%) of attacks emanated from insiders. They use various
threat tools and techniques9 to infiltrate targeted computer system. Among them,
malware (e.g., worms, spyware, and ransomware) has been found as one of the prevalent
cyber threats to individuals, businesses and public sector organisations (Choo, 2011;
Jang-Jaccard & Nepal, 2014). In 2016, 357 million unique malware variants were
detected for the first time and a large volume of malware was distributed via email
(Symantec, 2017). However, clear division between insider and outsider threats gets
outsiders and insiders (IBM, 2014). This malicious cooperation has a potential for
13
exacerbating victimisation situations by expediting an attack process or raising its success
rate.
victims, modus operandi and damage. A researcher with different research orientation
tends to use a different typology. There are no unified sets of typologies which are
accepted by the majority of cyber security researchers. Nye (2010) suggested four types
of cyber threats to national security: cyber terrorism, cyber war, cybercrime and
against cyber war is related to international law, being different from criminal
investigation and prosecution by domestic law. Unlike the other three types, cyber war is
Cyber terrorism was first termed by Barry Collin (1997) in the 1980s. The term has been
commonly used by various entities in society, such as academics, policy makers, and
media. Mass media is considered the main driver of the popular usage of the term, using
this term to capture any sort of large-scale cyber-attack cases (Conway, 2018). Mass
media tends to overhype stories and events to create media sensation. In this respect, the
term, terrorism, is preferred by media due to a high level of fear and violence attached to
it. These days, cyber terrorism has become an overused term without consideration of the
14
attributes and characteristics it carries. Hoffman (2016) suggested five major criteria of
terrorism: (1) political aims and motives, (2) violence or threatened violence, (3) planned
subnational group for its political or social aims. However, cyber terrorism is a form of
Criminal justice departments deal with cyber terrorist attacks not as a new type of cyber-
attacks, but as part of cybercrime (Jang, 2014). It is of importance to note that cyber
steal digitized information. Economic espionage refers to the act of acquiring trade
(Danielson, 2019). It is carried out to satisfy a nation’s economic interests, which are
economic gain. However, there is some overlap between these two concepts and their
distinguish these two in that attribution of any cyber-attacks is extremely difficult. Both
15
types of espionage escalate tensions between nations and discourage business motivation
for technological innovation. Therefore, there are serious reasons that government has to
intervene. It is predominantly the US corporations that are targeted most because they
invest more resources in Research and Development (R&D) (Tucker, 1997). Due to the
damaging effects of espionage, the US set up the Economic Espionage Act of 1996. This
Act criminalizes two forms of trade secret theft: theft for the benefit of a foreign entity
(economic espionage) and theft for pecuniary gain (industrial espionage) (Doyle, 2016).
Cybercrime has been used as a generic term for describing crimes that occur in
cyberspace. The term refers to “criminal or harmful activities that involve the acquisition
information. Due to its abstraction this definition is able to include a wide array of
deviant behaviours in cyberspace, but it lacks cyber or technical concepts. In other words,
what differentiates cybercrime from offline crime is not clearly touched upon.
Compared to the Wall’s definition, Robinson et al. (2012) defined cybercrime as “a broad
range of activities that involve the misuse of data, computer and information systems, and
cyberspace for economic, personal or psychological gain”. This definition points out the
However, the term, misuse, is vague. This term needs to be defined clearly for application
to real cases. In addition, this definition includes intentions of a perpetrator, but does not
impact on victims. This can lead to a failure of a distinction between economic espionage
and cybercrime. Understanding cybercrime varies greatly depending on the person who
16
wants to define it. Policy makers, researchers or practitioners will have different
A useful way of understanding cybercrime is categorizing it. Due to its complex nature, it
Europe Cybercrime Convention (2001) suggested three categories, which are ‘offences
against the confidentiality, integrity and availability of computer data and systems’ (Title
Three). The first category considers offence objects (i.e., computer data and systems),
while the other two categories focus on the modus operandi of the offence (United
Nations Office on Drugs and Crime, 2013). Based on this categorization, specific acts
which belong to each category are presented below (Table 2.1). However, cybercrime
categories and acts which constitute cybercrime do not exist in a fixed format. They are
Table 2.1: Typology of cybercrime (United Nations Office on Drugs and Crime, 2013)
Categories Acts
Acts against the confidentiality, integrity Illegal access to a computer system
and availability of computer data or Illegal access, interception or
systems acquisition of computer data
Illegal interference with a computer
system or computer data
Production, distribution or possession
of computer misuse tools
Breach of privacy or data protection
measures
17
Computer‐related acts for personal or Computer-related acts involving hate
financial gain or harm speech
Computer-related production,
distribution or possession of child
pornography
Computer-related acts in support of
terrorism offences
The commercial possibilities of the Internet are vast and marketing products and/or
services via Internet email is an inexpensive and easy way to advertise to millions of
people (Attaran, 2010). However, the increase in online marketing practices and e-
commerce has spawned prolific online fraud (Baker, 2010). Misleading and fraudulent
Users League (Attaran, 2010). Because consumers have become used to receiving
(Baker, 2010).
The World Wide Web has made it easier for people to become entrepreneurs and has led
to a rapid growth of companies, many of which run “virtual offices” and sell products via
the Internet, which in turn has fuel led Internet fraud (Baker, 2010). Even though growing
very rapidly, electronic commerce is still developing, and many entrepreneurs are yet to
establish an online presence. Ultimately, if they cannot embrace the technology that the
Internet offers, they will lose out to competitors who have modernized their sales and
18
Internet innocence. It is therefore prudent that Internet-related business opportunities are
as carefully considered as any other business opportunity would be, and that
entrepreneurs learn about the associated risks and adequately protect their businesses
acceptable level (Raggad, 2010). Cyber security management is not just a selection of
proper controls. Security threats change over time and supportive resources are limited.
Therefore, there is no hard and fast rule regarding an evaluation of effective security
There are a wide range of variations of risk management frameworks and how they
National Institute of Standards and Technology [NIST] and National Aeronautics and
19
(e.g., ISACA11) as well as prominent scholars (e.g., Raggad). In this section, four
Raggad (2010) suggested a risk management life cycle which consists of:
Risk planning involves developing a preparatory strategy which covers identifying risk
and assets involved and determining a set of available responses. Secondly, risk analysis
includes risk identification and risk assessment. Risk can be identified via various
methods such as vulnerability or threat analysis, event tree analysis, and attack trees.
These methods intend to identify risk, but using different concepts (i.e., vulnerability,
threat, or attack). Upon identification, risk is assessed through determining the level of
risk and the potential impact of the risk. A technique that is widely used is a risk matrix.
It calculates risk criticality of each asset by measuring the likelihood and impact of the
risk involved. Risk assessment is useful to prioritize treatment efforts and to measure
expected benefits resulting from the treatment against the risk impact. These two sub-
stages refine the nature of risk events and consequences of them. Thirdly, risk treatment
controls will be taken, how, and when to take them depend on the risk involved because
this phase aims to maintain the identified risks to acceptable levels. The last phase is risk
monitoring. Risk needs to be continuously monitored as existing risks change and new
20
ones appear. This process evaluates whether risk is properly under control by revisiting
the prior phases. The whole phases constitute an iterative process as is described as ‘life
cycle’. This life cycle is a continuing process that needs to reflect the internal and
Figure 2.1 Raggad’s risk management life cycle (Source: Raggad, 2010)
A COBIT 5 framework from ISACA (2013) consists of similar phases to the Raggad’s
Techniques and methods from the Raggad’s framework can also be used in most of the
phases here. However, there are some subtle differences. One is an emphasis on risk
reporting. Risk analysis needs to be reported to managers and owners in order to support
21
The third phase, risk response, is the same concept with risk treatment in the Raggad’s
framework. It refers to acting upon the identified risks, aiming to align the residual risks
within acceptable tolerance. There are four strategies: (1) acceptance, (2) transfer, (3)
mitigation, and (4) avoidance. Risk appetite is the amount of risk that an organisation is
willing to accept without acting upon it. If risk is below risk appetite, the risk will be
accepted. Risk can be transferred to or shared with a third party organisation (e.g.,
Also, risk can be mitigated by deploying security controls (e.g., access control policies,
firewall or recovery plans). The most drastic strategy is risk avoidance. Risk can be
question. Although these strategies are explained in the book by Raggad (2010), they are
Figure 2.4 ISACA’s risk management life cycle (Source: ISACA, 2013)
organisational risk in relation to information system. It consists of six steps (NIST, 2017,
pp. 9-10):
22
(1) it starts by categorising information and its system based upon an impact analysis,
(2) select a set of control baseline and adjust it based on risk assessment and
organizational conditions,
(3) implement the security controls and document how the controls are deployed,
(5) authorize the information system operation based upon a determination of the risk and
(6) monitor the selected controls in the information system on a regular basis.
concerns are dealt with at three levels: (1) organization level, (2) mission/business
process level, and (3) information system level. This approach requires risk management
predominantly focus on aspects of risk, this framework extends the scope of risk
Methods and processes of undertaking risk management are developed in line with
success, and organizational structure. Secondly, this framework aims to protect not only
23
Figure 2.3: NIST’s risk management framework (Source: NIST, 2017)
A risk management framework by ENISA (2016) is quite similar to the first two
Figure 2.4). This shows that risk assessment is carried out at discrete time points (e.g.,
quarterly or yearly) to evaluate current risk (ENISA, 2016). One important common
feature of all the frameworks is that they are presented as iterative processes without an
end point.
24
Figure 2.4: ENISA’s risk management framework (Source: ENISA, 2016)
Cyber security risk originates from the deep infiltration of IT systems and devices into
2013). It implies that cyber security should be accepted as one of the management
priorities that senior managers are aware of. In this respect, it is highly recommended for
cyber security professionals to have competent business and management skills (Rainer
Jr, Marshall, Knapp, & Montgomery, 2017). This approach argues that cyber security
should be considered in a management context (Chang & Ho, 2016; Singh et al, 2013;
25
Soomro et al., 2016), becoming core part of business management. This argument is in
line with Borodzicz and Gibson’s (2006) claim that management of risk and security
Security policy outlines what kind of security controls a company adopts and how they
Security policy theorists argue that cyber security policy should be established,
implemented, and maintained (Hong, Chi, Chao, & Tang, 2003). Creating a policy that
reflects both internal and external contexts is just the start of cyber security management.
by the policy. Once security policy is adopted, execution of the policy is in the hands of
It is argued that cyber security awareness and training are significant factors to raise
policy compliance (Soomro et al., 2016). Siponen, Mahmood, and Pahnila (2014) argued
that awareness of employees positively influenced their compliance with security policy,
and it is also noted that a training program had a positive impact on employees’
compliance behaviour (Albrechtsen & Hovden, 2010; Puhakainen & Siponen, 2010).
Siponen et al. (2014) further emphasized the role of senior managers in that they were
26
primary facilitators for raising employee awareness. At the same time, senior managers
need to ponder over how to communicate the policy to end users in a company in order
employees perceive vulnerability and severity of cyber security threats. Several scholars
(Doherty, Anastasakis, & Fulford, 2019; Singh et al., 2013) claimed that an existence of
important to review the policy regularly with the changing business environments (Singh
et al., 2013). This is because every new technology has its own security weaknesses
along with business benefits. In addition, companies need to ensure that their
subcontractors and consultants are covered by the policy. It is especially true when
need to make sure of two things: (1) the servers are physically safe from natural and
man-made disasters; and (2) they are embedded in secure network environments. The
same argument can be applied to cloud computing services. How to control new
Technical solutions at operational level have been emphasized in dealing with the cyber
security challenges (Singh et al., 2013). In the early era of research, researchers from
improve operational levels of detection and protection. This trend was reasonable in that
27
technical elements are the core parts when it comes to cyber security. As the literature on
for detection and mitigation became the suitable solution. Technical controls, such as
network security (e.g., firewall, Intrusion Detection System), data protection (e.g.,
encryption), and access controls (e.g., biometrics), were proposed as feasible measures to
technology (Siponen, 2015). However, despite the advancement of technical controls, the
The complexity of technology is one of the biggest challenges not only for security
practitioners but also for senior managers who make decisions on cyber security
very hard to understand the nature of cyber threats. To make matters worse, if senior
invaluable asset that can bring a competitive edge to businesses by supporting cost
making the best use of knowledge is to share it (Wang & Noe, 2010). Knowledge
sharing needs to be emphasized in cyber security in that any employee without a proper
28
knowledge can be a weakest point from cyber threats. Cyber security knowledge sharing
There is a great body of studies which address the relationship between knowledge and
risk mitigation (Arachchilage & Love, 2014; Asgharpour, Liu, & Camp, 2017; Ben-
Asher & Gonzalez, 2015; Cranor, 2008; Han & Yoo, 2016; Parsons et al., 2015). Several
studies noted that knowledge had a positive impact on various dimensions of cyber
threats. Arachchilage and Love (2014) found that the combination of conceptual and
Evaluating the role of knowledge on threat detection, Ben-Asher and Gonzalez (2015)
found that cyber security knowledge increased correct detection of malicious attacks.
They argued that threat detection was the dimension that knowledge could be taken
advantage of. However, there is another aspect which requires consideration. The causal
making processes (Ben-Asher & Gonzalez, 2015). In other words, risk mitigation is a
different aspect, it was argued that cyber security knowledge by top management could
mitigate risks by changing perceptions and behaviours of employees (Han & Yoo, 2016).
29
2.6.4. Cyber Security Culture as an Adaptation of Organizational Culture
It is argued that an effective cyber security culture has a significant influence on the
management of cyber security (AlHogail & Mirza, 2014; Mahfuth, Yussof, Baker, &
Ali, 2017; Parsons et al., 2015). In a study by Knapp, Marshall, Rainer and Morrow
(2004), organizational culture was identified as 7th key issue by 874 certified
the definition of culture as a concept (Pfeffer, 2017). Organizational culture has been
attempted for conceptualization from various aspects. Organizational culture can be seen
as a set of criteria that distinguish one organization from another (Robbins and Judge,
2013) and as a mechanism that binds old and new members of the organization together
(Stroh, Northcraft, and Neale, 2002). The organizational culture not only influences
also it is shaped by them along with organizational visions, goals, and strategies.
The literature reviewed the nature of the risks and threats, various aspects of cyber
investigation is expected to lay the foundation for the effective and efficient
30
implementation of cyber security management. Cyber security is an emerging area and
CHAPTER THREE
This chapter describe the software development methodology used in this research.
Furthermore, the functional and non-functional requirements of the system are explained
in detail and the use cases which are a list of steps, typically defining interactions
between a role and a system, to achieve a goal. Class diagrams have been given to show
detailed data modeling of the system which will be translated into code.
The method of study is based on information from various papers, Internet website and
articles written on the office automation system. In other words, the research has
Findings during the investigation process were gathered so as to fully identify the
problem areas of the existing system. There are some flaws that were identified which the
Naturally, observation is the process of noting and recording an event and for this project;
31
3.2.1 Methodology
This Document plays a vital role in the development life cycle (SDLC) as it describes the
complete requirement of the system. It is meant for use by the developers and will be the
basic during testing phase. Any changes made to the requirements in the future will have
Water fall model was being chosen because all requirements were known beforehand and
32
Water fall model was developed by Winston Royce in 1970 and consists of the following
Requirement analysis and specification involves understanding customer needs and the
behavior of the proposed system to meet such needs. It also entails identifying design
Software design is the actual process by which the customer needs are realized by the
system. This would include flowcharts, algorithms, the database structure, and the
graphical user interface (GUI). The overall system must be visible at this stage.
Software implementation and integration is where all system functions or modules (e.g.
input/output, error messages) are coded and subsequently integrated. All software
commenting where necessary. Testing ensures that all invalid date types are rejected or
subject to error messages and that the entire product is stable under all possible
conditions.
The waterfall model has the advantage of a high-level abstraction which aids in design
implementation. It is also simple such that deliverables at each stage are explicitly stated.
One drawback is the inability to offer design alternatives if changes are to be made to the
software requirements. Another hindrance is that testing is usually performed near the
project’s end which is time consuming and restrictive. Changes made at this stage may
require incidental changes to the previous three steps so that another traversal of the
33
Other software development models examined were the rational unified process (RUP),
and iterative models. Their main strength is controlled, repetitive testing at all
development stages. This means that requirement changes, performance bottlenecks, and
system flaws can be identified early and addresses over several iterative steps leading to
faster production and better quality. For this project, the Waterfall model was chosen in
spite of its inherent flaws. Rather, the rigid structure and deliverables at every stage was
deemed better than the advantages of other models. For a small project with a team of
one person, the most important deliverable was robust, working code. To this end, the
project utilized a somewhat enhanced Waterfall model by rigorous testing at the software
implementation and integration stage. This was an attempt to minimize project changes
Cyber security is quite challenging, this is due to varied degrees of security features and
management schemes within the cloud entities in the cyberspace. Majority of cyber-
criminal activities do not involve physical damage or stealing of equipment, but are rather
intellectual manipulations, what the researcher has decided to coin white collar crime.
This makes it difficult to track down the cyber criminals. More so, there is no
comprehensive policing system to check the activities of cyber users nor stringent
regulations on the prosecution of the criminals if at all they can be detected. In this
circumstance, one logical protocol base needs to evolve so that the entire interconnection
34
of components operates synchronously and securely. Reporting these attacks is an
Conventionally, in Delta State University issues on cyber crime are reported to the
Information Technology (IT) unit. The personal in the IT unit in turns file up the report
IT Unit
e
t a crim
or
Rep
Store
It is less user-friendly.
It is having lots of manual work (Manual system does not mean that you are
working with pen and paper, it also includes working on spread sheets and other
simple software's)
35
It is time consuming process.
It is unable to Maintain users specific information and also their policy info.
The proposed system cyber security management system. The system is designed to be
window-based system. Designed to help the university administration to always get the
organizations.
In proposed automation system, with login credentials, the lecturers/students can update
information about cyber-crime. The proposed system, tracks the entire reports of staff and
students. The information in the database of the system is captured using three parameters
36
Admin Admin
information
Staff/student
Submit report Admin
Report
View report
Status CYBER SECURITY MANAGEMENT
SYSTEM
Search
Accept Information
registration Search
View
Request Creators report
i. The system will provide data storage and manipulation for the department staff.
ii. This system will provide data management: Data management is one of the major
iii. The system will also create means for data exchange: Exchange of stored or
37
information, including text documents, presentations, spreadsheets, images, and
videos can be sent in real-time within a few seconds. Illustrating the collaborative
vi. This system will help to save time and resources: The system will empower the
university system to save both time and money. It simplifies and automates those
complex tasks, which earlier required a dedicated resource and a great amount of
time.
vii. The system will help to reduce costs: Since every process is now automated, there
is no need to invest much on hiring new resources for taking care of those tasks,
The unified modeling language allows the software engineer to express an analysis model
using the modeling notation that is governed by a set of syntactic semantic and pragmatic
rules. A UML system is represented using five different views that describe the system
from distinctly different perspective. Each view is defined by a set of diagram, which is
as follows.
38
b. The analysis representation describes a usage scenario from the end-user’s
perspective.
a. In this model the data and functionality are arrived from inside the system.
a. In this the structural and behavioral as parts of the system are represented as
In this the structural and behavioral aspect of the environment in which the system is to
UML Analysis modeling, which focuses on the user model and structural model
39
Add User
Delete User
Perform Query
Generate Report
40
CHAPTER FOUR
This chapter will discuss the system design and implementation of the cyber security
create a modifiable application, suitable as a model for other similar systems. To meet the
needs such applications, new standards and design models have evolved. All new
applications should be designed by using service layers. This the type of structure that
will lead to better applications that can be more easily extended and updated in new
versions,
services, separating these services in the application design allows for more flexibility
during development and can aid important factors such as scalability for an application.
Because user services will directly interact with and provide services for user interface.
The system is designed with the 3-tier architecture. A 3-tier architecture is a type of
They are often used in applications as a specific type of client-server system. 3-tier
modularizing the user interface, business logic, and data storage layers. Doing so gives
application independently of the other parts. This added flexibility can improve overall
41
time-to-market and decrease development cycle times by giving development teams the
ability to replace or upgrade independent tiers without affecting the other parts of the
system.
For example, the user interface of the application could be redeveloped or modernized
without affecting the underlying functional business and data access logic underneath.
This architectural system is often ideal for embedding and integrating 3rd party software
into an existing application. This integration flexibility also makes it ideal for embedding
analytics software into pre-existing applications and is often used by embedded analytics
vendors for this reason. 3-tier architectures are often used in cloud or on-premises based
Presentation Tier- The presentation tier is the front-end layer in the 3-tier system
and consists of the user interface. This user interface is often a graphical one
content and information useful to an end user. This tier is often built on
Application Tier- The application tier contains the functional business logic which
drives an application’s core capabilities. It’s often written in Java, .NET, C#,
Data Tier- The data tier comprises of the database/data storage system and data
42
Microsoft SQL Server, MongoDB, etc. Data is accessed by the application layer
There are many benefits to using a 3-layer architecture including speed of development,
gives development teams the ability to develop and enhance a product with greater speed
than developing a singular code base because a specific layer can be upgraded with
minimal impact on the other layers. It can also help improve development efficiency by
allowing teams to focus on their core competencies. Many development teams have
separate developers who specialize in front- end, server back-end, and data back-end
43
development, by modularizing these parts of an application you no longer have to rely on
full stack developers and can better utilize the specialties of each team.
The developed system was design with Visual Studio 2010. In addition, based on the
knowledge that we have acquired and the software that we are familiar with, the
operating system of the Server is Windows 7 Server, and the database management
system is Microsoft SQL Server 2008. SQL Management Studio Server 2008 is one of a
few mainstream database management systems at the present. Web application server is
IIS5.0, and uses Visual Studio 2010 and CSS5 as the application software development
platform.
Visual Studio 2010 and CSS5 is a page editor launched by the Microsoft Cooperation
combines visual layout tools, application development function and code editing support
as a powerful tool, which is easy and convenient to operate; thus, developers and
designers at any level can use it, quickly create an attractive interface on the basis of the
standard site and applications. Moreover, ASP can be used to deal with the presentation
The system database requires many interconnected functional structures. Normally, the
database and web server are on separate computers or servers but for this project, the host
computer acts both as the web server and the database server.
44
Graphical User Interface
DATABASE APPLICATION
This system manages the information about various lecturers teaching materials,
information about subject’s marks obtained by students in different semesters and then
In this system, lecturers can update the teaching materials and information about
subject’s marks obtained by students in different semesters which can be viewed by the
department head. The proposed system, tracks the entire academic data of lecturers.
These include: the publications made, conferences attended and the papers presented at
conferences, the research in progress and the courses taught. In addition to theses,
lecturers have to provide their qualifications, just in case there has been an upgrade.
In result analysis automation module, the cycle test, internal assessment marks are
updated and pass percentage of each subject, each class, each year and entire department
is calculated.
45
4.3 System Implementation
The new system is designed to be put into efficient use. Here, we will look into the
various technical aspects that influenced the successful implementation of this system
and determine the effective operation of the system. System implementation follows the
approval of the system proposals and its objectives; thus, it is to arrive at a satisfactory,
implemented, completed, and function evaluated automated system. It also embodies the
Mentally visualizing the page layout was an obstacle to coding the pages. Rough sketches
were made on paper which included the main functions of each page, links to other
pages, links to other functions, and the layout of the required information fields. While
this had to be done for all web pages, it gave an appreciation of the web design and the
need for a comprehensive navigation bar on all pages. To ensure that the user was not
lost, each page (except the main page) contained a descriptive name for the page function
(e.g. Signup page, login). A link or navigation bar was inserted below this descriptive
page title.
46
To minimize user navigation through the conventional task pane, the main page is
sectioned into functional tables with available options. This reduces navigation and
unguided navigation. For example, selecting an option takes one mouse click with this
system and a minimum of one mouse click with the conventional system.
Thus, only pre-defined operations are available to the user as they go deeper into
sectioned functions. Pages that link to the main or homepage have a link bar at the top
after a description of the current page function. This link bar is also restricted in that
listed functions are related to the page function. For instance, if the user wants to view his
schedule, only schedule related functions (edit schedule, print schedule) will be available
when the view schedule function page is accessed. While this does reduce available
navigation options, to ensure that the user does not feel confined or lost, the navigational
structure includes a link to the previous page (Back), a home page link, a help link, and a
non-prompt logout link. Both the help and logout links are important universal functions
which are highlighted in a different colour for easy recognition and strategically placed at
The entire module is responsible for all input data requirements. It receives input data
from the computer users and stores them adequately into file. The entire provisions are
47
CYBER SECURITY MANAGEMENT SYSTEM
NAME
MAT.NO /STAFF ID
GENDER
DEPARTMENT
PASSPORT
USERNAME
PASSWORD
SUBMIT
USERNAME
PASSWORD
LOGIN
48
4.3.4 Report module
The report module, tables all forms of report generation. It displays conditional and
USERNAME
NAME
MESSAGE
SUBMIT
The update module is responsible for modifying stored data or record in the files. The
records are searched for in the file and retrieved adequately and then, the update data are
retrieved and necessary corrections are made automatically by the computer as adequate.
However, it is responsible in keeping track of all the transactions that takes place. It is
49
CYBER SECURITY MANAGEMENT SYSTEM
NAME
MAT.NO /STAFF ID
GENDER
DEPARTMENT
PASSPORT
USERNAME
PASSWORD
UPDATE
This is the module responsible for packing up or quitting the program entirely.
In information management system database plays important role in terms of data storing
and retrieval. The structure of database will directly affect the efficiency of system and
achievement of results. The good database structure design can improve the efficiency of
the data storage; make sure data integrity and consistency. The data base used in the
50
Table 4.1: Registration table result table
For effective operation of the newly designed system, the following minimum hardware
a) The computer system to use should be 100% IBM compatible since they are
51
b) The computer system processor to be used should be Intel Pentium technology.
d) The system should have a hard disk of at least 20GB, 3.5 floppy drive and CD-ROM
drive.
e) The system to use should be equipped with 14” VGA or SVGA monitor (colored).
The listed configurations are the minimum requirements, but if the configurations are of
higher versions, the processing derived will definitely be better and the program will run
faster.
Testing is the last stage in the software development and it presents an interesting
anomaly for the software engineer where he attempts to build software from an abstract
concept to a tangible product. During testing, the engineer creates series of test cases to
overcome a conflict of interest that occurs when errors are uncovered. As a secondary
52
benefit, testing demonstrates that the software functions appear to be working according
to specification, that behavioral and performance requirements appear to have been met.
Each unit of the new system was tested (test run) individually alongside with the old
The entire system was as well tested (test run) in general alongside with the old system in
The software will be designed using C-sharp (C#) programming language. After which
will be complied and packed for easy installation in any computer system and further use.
The system needs to be review and maintained from time to time to add more
functionality, to expand the system activities and upgrade system programming and the
53
4.7 Installation Procedure
The application folder name is copy and pasted into the project file folder of the visual
studio document folder. Then click on the folder to open it. Visual studio must be
To use the application, internet information service (IIS) must be installed in the system.
Open a web browser, type http://localhost/the application name/default the click on the
54
CHAPTER FIVE
5.1 Summary
This study developed a cyber security management system: A case study of Delta State
University, Abraka. Cyber security management, in recent years, has become a serious
problem for organizations to deal with, especially financial institutions and individuals.
With the advancement of the Internet, the ability to implement underhanded and deviant
practices has become prevalent. This research work provides an overview of the literature
that discusses the cyber-crimes and provides users with the ammunition to prevent them
Furthermore, this research work described the software development methodology used.
And also, the functional and non-functional requirements of the system were explained in
detail and the use cases diagram was to define the interactions between a role and a
system. The use case diagrams show detailed data modeling of the system which was
In addition, this research work discussed the system design and implementation of the
cyber security management system. The application was design and implemented, in
order to create a modifiable application, suitable as a model for other similar systems.
5.2 Conclusion
The transnational nature of cybercrime and the interdependency of systems and Internet-
connected digital devices within and outside of countries' territories requires the sharing
of information about cybercrime across borders. Beyond that, the sharing of knowledge
55
about good practices regarding cybercrime investigations is needed. The dizzying array
cybercrime and the sharing of explicit and tacit knowledge between stakeholders. The
by stakeholders and the country the stakeholders reside and/or operate in. The
management of this knowledge within and across borders is needed to ensure the
sharing are of paramount importance as they enable the sharing of explicit and tacit
5.3 Recommendations
i. Strong legislations should be enacted by each nation and at United Nations level
on combating cybercrime.
cybercrime.
iii. All websites in the Internet should specify and contain surveillance software for
security checks against threats, and should permit cyber police access to check
56
v. Cyber security education should be introduced at all levels of education to
enlighten netizens and prospective ones on possible threats they are likely face
vi. Trans-border synergy should be initiated among nations with wireless connection
through GPRS for trans-border cyber police officers working in the field. Such a
vii. Organizations should initiate strong security measures to protect their digital
57
REFERENCES
Asgharpour, F., Liu, D., & Camp, L. J. (2017). Mental models of security risks. In
S. Dietrich, & R. Dhamija (Eds.), Proceedings of the International
Conference on Financial Cryptography and Data Security (pp. 367-377).
Berlin, Heidelberg: Springer.
Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research
directions. Computers & Security, 30(8), 719-731.
58
Collin, B. C. (1997). The future of cyberterrorism: Where the physical and virtual
worlds converge. Crime and Justice International, 13(2), 15-18.
Cranor, L. F. (2018). A framework for reasoning about the human in the loop.
Proceedings of the Conference on Usability, Psychology, and Security (pp.1-
15). San Francisco, California.
Doherty, N. F., Anastasakis, L., & Fulford, H. (2019). The information security
policy unpacked: A critical study of the content of university policies.
International Journal of Information Management, 29(6), 449–457.
European Union Agency for Network and Information Security. (2016). Risk
management: Implementation principles and inventories for risk
management/riskassessment methods and tools. Retrieved from
https://www.enisa.europa.eu/publications/risk-management-principles-and-
inventories-for-risk-management-risk-assessment-methods-and-tools
Gehem, M., Usanov, A., Frinking, E., & Rademaker, M. (2015). Assessing cyber
security: A meta-analysis of threats, trends, and responses to cyber-attacks.
The Hague Centre for Strategic Studies. Retrieved from
https://hcss.nl/sites/default/files/files/reports/HCSS_Assessing_Cyber_Secur
ity.pdf
59
Goodrich,M. and Tamassia,R.(2018). Introduction To Computer Security.
Addison-Wesley.
Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding
nonmalicious security violations in the workplace: A composite behavior
model. Journal of Management Information Systems, 28(2), 203–236.
Han, J., & Yoo, H. (2016). The effect of managerial information security
intelligence on the employee’s information security countermeasure
awareness. Information Systems Review, 18(3), 137-153.
Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system
theory of information security management. Information Management &
Computer Security, 11(5), 243-248.
IBM. (2014). IBM Security services 2014 cyber security intelligence index.
Retrieved from
https://media.scmagazine.com/documents/82/ibm_cyber_security_intelligen
c_20450.pdf
60
the award of the degree of Doctor of Philosophy of the University of
Portsmouth
Knapp, K.J., Marshall, T.E., Rainer, R.K. & Morrow, D.W. (2004). The top
information security issues facing organizations: What can government do to
help? The 2004 International Information Systems Security Certification
Consortium Survey Results, Auburn University, Auburn, AL.
Lee, D., (2013). A study on personal data hacking case to build corporate security
and counter strategy: Focused on Hyundai Capital hacking case. Journal of
Security Engineering, 10(4), 455-472.
Limburg, J. (2015). Trust in the world of cybercrime. Global Crime 13(2), 71-94.
Mahfuth, A., Yussof, S., Baker, A. A., & Ali, N. A. (2017). A systematic literature
review: Information security culture. Proceedings of Research and
Innovation in Information Systems (ICRIIS) 2017 International Conference
(pp. 1-6). Langkawi, Malaysia: IEEE.
Nye, J. S. (2010). Cyber power. Retrieved from Belfer Center for Science and
International Affairs website:
https://www.belfercenter.org/publication/cyber-power
Parsons, K. M., Young, E., Butavicius, M. A., McCormac, A., Pattinson, M. R., &
Jerram, C. (2015). The influence of organizational information security
61
culture on information security decision making. Journal of Cognitive
Engineering and Decision Making, 9(2), 117-129.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014).
Determining employee awareness using the Human Aspects of Information
Security Questionnaire (HAIS-Q). Computers & Security, 42, 165–176.
Pfeffer, J. (2017). New directions for organization theory: Problems and prospects.
New York: Oxford University Press.
Rainer Jr, R. K., Marshall, T. E., Knapp, K. J., & Montgomery, G. H. (2017). Do
information security professionals and business managers view information
security issues differently? Information Systems Security, 16(2), 100-108.
Robbins, S. P., & Judge, T.A. (2013). Organizational behaviour (15th ed.).
Boston: Pearson.
Robinson, N., Disley, E., Potoglou, D., Reding, A., Culley, D. M., Penny, M., . . .
Millard, J. (2012). Feasibility study for a European cybercrime centre.
Retrieved from RAND Corporation website:
https://www.rand.org/pubs/technical_reports/TR1218.html
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy
compliance model in organizations. Computers & Security, 56, 70–82.
62
Schaeffer, B. S., Holt, T.J. & Ahn, G.J. (2019): Cyber Crime And Cyber Security:
A White Paper For Franchisors, Licensors, and Others
Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information
security management (ISM) practices: Lessons from select cases from India
and Germany. Global Journal of Flexible Systems Management, 14(4), 225–
239.
Sols, M. & Niekerk, A. (2013). Knowledge creation and innovation in the virtual
community – Exploring structure, values and identity in hacker groups.
Paper presented at the 35th DRUID Celebration Conference, Barcelona,
Spain.
Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The
insider threat to information systems and the effectiveness of ISO17799.
Computers & Security, 24(6), 472-484.
Thompson, M.A.C. (2013). Breaking and remaking law and technology: A socio-
techno-legal study of hacking (Doctoral thesis). Tilburg: Tilburg University.
63
Tucker, D. S. (1997). The federal government's war on economic espionage.
University of Pennsylvania Journal of International Economic Law, 18(3),
1109-1152.
Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information
systems security: The insider threat. European Journal of Information
Systems, 18(2), 101.
Werlinger, R., Hawkey, K., & Beznosov, K. (2019). An integrated view of human,
organizational, and technological challenges of IT security management.
Information Management & Computer Security, 17(1), 4–19.
Whitman, M., & Mattord, H. (2011). Principles of information security (4th ed.).
Boston:Cengage Learning.
64
APPENDIX
Source Code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;
using Microsoft.VisualBasic;
this.ViewAllUser();
lblsn.Text = "Display Page " + (gvUsers.PageIndex + 1).ToString() + " of " +
gvUsers.PageCount.ToString();
}
private void ViewAllUser()
{
string constr =
ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("SELECT sn, name, deposit, Payout FROM
tbl_Transc"))
{
using (SqlDataAdapter sda = new SqlDataAdapter())
{
cmd.Connection = con;
sda.SelectCommand = cmd;
using (DataTable dt = new DataTable())
{
sda.Fill(dt);
gvUsers.DataSource = dt;
gvUsers.DataBind();
}
}
protected void btnSave_Click(object sender, EventArgs e)
65
{
string msg_Update = "Added Successfully!";
if (this.txtname.Text == "" || this.txtPLW.Text == "" || this.txtPAT.Text == "")
{
Label1.Text = "One or More Values not Entered";
Label1.ForeColor = System.Drawing.Color.Red;
}
else
{
Paid_last = txtPLW.Text.Trim();
Paid_for = txtPAT.Text.Trim();
string Name = txtname.Text.Trim();
addedDate = System.DateTime.Today.ToLongDateString();
// if (Information.IsNumeric(this.txtPLW.Text.Trim()) &&
Information.IsNumeric(this.txtPAT.Text.Trim()))
{
string constring =
ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
using (SqlConnection con = new SqlConnection(constring))
{
using (SqlCommand cmd = new SqlCommand("INSERT INTO tbl_Transc (name,
deposit, Payout) VALUES (@name, @deposit, @Payout)", con))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@name", Name);
cmd.Parameters.AddWithValue("@deposit", Paid_last);
cmd.Parameters.AddWithValue("@Payout", Paid_for);
// cmd.Parameters.AddWithValue("@createdDate", addedDate.Trim());
con.Open();
int rowsAffected = cmd.ExecuteNonQuery();
ClientScript.RegisterStartupScript(GetType(), "AlertBox", "alert('" +
msg_Update + "');", true);
//Session.RemoveAll();
lbl.Text = msg_Update;
this.ViewAllUser();
txtPLW.Text = string.Empty;
txtname.Text = string.Empty;
txtPAT.Text = string.Empty;
con.Close();
}
}
66
}
}
}
protected void gvUsers_PageIndexChanging(object sender, GridViewPageEventArgs e)
{
gvUsers.PageIndex = e.NewPageIndex;
ViewAllUser();
}
protected void btnLogout_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
Session.RemoveAll();
Response.Redirect("admin-login.aspx");
}
protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
string strDisAbleBackButton;
strDisAbleBackButton = "<script>\n";
strDisAbleBackButton += "window.history.forward(0);\n";
strDisAbleBackButton += "\n</script>";
ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "clientScript",
strDisAbleBackButton);
}
}
67