
CYBER SECURITY MANAGEMENT SYSTEM: A CASE STUDY OF DELTA

STATE UNIVERSITY, ABRAKA

INTERVENTION EDOJA

DELTA STATE UNIVERSITY, ABRAKA

DECEMBER, 2020
CYBER SECURITY MANAGEMENT SYSTEM: A CASE STUDY OF DELTA
STATE UNIVERSITY, ABRAKA

INTERVENTION EDOJA

FOS/16/17/240119

A PROJECT SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE,


FACULTY OF SCIENCE, DELTA STATE UNIVERSITY, ABRAKA

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE AWARD


OF DEGREE OF BACHELOR OF SCIENCE (B.Sc.) IN COMPUTER SCIENCE

DECEMBER, 2020

CERTIFICATION

CYBER SECURITY MANAGEMENT SYSTEM: A CASE STUDY OF DELTA

STATE UNIVERSITY, ABRAKA

BY

INTERVENTION EDOJA

This is to certify that this project was carried out by Edoja Intervention under the supervision of Prof. Anthony Imiavan, Lecturer, Department of Computer Science, Delta State University, Abraka.

___________________ ____________________
Prof. Anthony Imiavan Date
(Project Supervisor)

__________________ ____________________
Dr. (Mrs.) M. Akazue Date
(Head of Department)

DEDICATION

This work is dedicated to God Almighty, the author and finisher of my faith, Amen.

ACKNOWLEDGEMENTS

This research may not have been completed without the grace of God. My gratitude goes to God, through whom everything was made possible for this great task to come to pass. I thank him for his protection, preservation, provision and intellectual horizon to carry out this work to a successful completion.

I express my profound appreciation to my project supervisor, Prof. Anthony Imiavan, for creating time out of his busy schedule to put me through on this work and to perform necessary corrections on the manuscript, and to my head of department, Dr. Akazue, also to Dr. Okorodudu for grooming me academically, and to my lecturers as well.

My appreciation goes to my father Lt RT. RVE (Dr) Phillip Edoja and my mother REV Mrs. Shine Elo for their encouragement, financial provisions and prayers, and also to my siblings.

My appreciation goes to my friend Victor Eyibera for his advice and support through this race.

TABLE OF CONTENTS

COVER PAGE
TITLE PAGE
CERTIFICATION
DEDICATION
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
ABSTRACT

CHAPTER ONE: INTRODUCTION
1.1 Background of the Study
1.2 Statement of the Problem
1.3 Aim and Objectives of the Study
1.4 Significance of the Study
1.5 Scope of the Study
1.6 Limitation of Study
1.7 Operational Definition of Terms

CHAPTER TWO: LITERATURE REVIEW
2.0 Chapter Overview
2.1 Cyber Security
2.2 Cyber Security Threats
2.3 Typologies of Cyber Security Threats
2.4 Technology's Impact on Cyber Security Risk
2.5 Cyber Security Risk Management Framework
2.6 Management of Cyber Security
2.6.1. Cyber Security Management Measures
2.6.1.1. Security Policy
2.6.2. A Balanced Approach to Security Controls
2.6.3. Knowledge for Risk Reduction
2.6.4. Cyber Security Culture as an Adaptation of Organizational Culture

CHAPTER THREE: METHODOLOGY AND SYSTEM ANALYSIS
3.1 Chapter Overview
3.2 Methods of Data Collection
3.2.1 Methodology
3.3 Analysis of the Existing System
3.3.1 Problem of the Existing System
3.4 Analysis of the Proposed System
3.4.1 Advantages of the Proposed System
3.5 High Level Model of the Proposed System

CHAPTER FOUR: SYSTEM DESIGN AND IMPLEMENTATION
4.1 Chapter Overview
4.2 System Design (Design Overview)
4.2.1 System Description
4.3 System Implementation
4.3.1 Graphical User Interface Design
4.3.2 Navigational Structure Design
4.3.3 Entry module
4.3.4 Report module
4.3.5 Update module
4.3.6 Exit module
3.3 System Database Design
4.4 System Requirement
4.4.1 Hardware Requirement
4.4.2 Software Requirement
4.5 System Testing
4.5.1 Unit Test
4.5.2 System Test
4.5.3 Packaging (Integration)
4.6 System Review and Maintenance
4.7 Installation Procedure
4.8 User Guide

CHAPTER FIVE: SUMMARY, CONCLUSION AND RECOMMENDATION
5.1 Summary
5.2 Conclusion
5.3 Recommendations

REFERENCES

ABSTRACT

This study developed a cyber security management system using Delta State University,
Abraka as case study. Cyber security management, in recent years, has become a serious
problem for organizations to deal with, especially financial institutions and individuals.
With the advancement of the Internet, the ability to implement underhanded and deviant
practices has become prevalent. This research work provides an overview of the literature
that discusses the cyber-crimes and provides users with the ammunition to prevent them
from becoming victims. Furthermore, this research work described the software
development methodology used. The functional and non-functional
requirements of the system were explained in detail, and the use case diagram was used to
define the interactions between a role and a system. The use case diagrams show detailed
data modeling of the system, which was translated into code. In addition, this research
work discussed the system design and implementation of the cyber security management
system. The application was designed and implemented in order to create a modifiable
application, suitable as a model for other similar systems.

CHAPTER ONE

INTRODUCTION

1.1 Background of the Study

We are in the age of a new revolution that witnesses the birth of a new culture. The Internet is

the most important element of this culture. As an opportunity, space and medium, the

internet has redefined social and political frontiers in politics, economics, sociology and

anthropology in addition to digital and virtual frontiers on a local and universal level. The

field of law, which sets the rules for enabling common life experiences, has to broaden the

scope of rights and responsibilities, crime and punishment in the face of these

developments where new changes are added to the list every day. At this point, a new

terminology of security and crime was developed, which is defined by names such as

cyber, digital, information, internet, electronic, computer and technology, and it has increasingly

become one of the most controversial topics in public and private platforms (Watson and

Watson, 2017).

Cyber is used to describe concepts or entities that involve or contain computers and

computer networks, and cyberspace is used to describe the abstract or concrete area in

which interconnected hardware, software, systems and people interact (Limburg, 2015).

The term cyber security is also used interchangeably with the term information security and goes

beyond the boundaries of traditional information security to include not only the

protection of information resources, but also that of other assets, including the person

him/herself (Solms and Niekerk, 2013). Cyber security is the secrecy, integrity and

accessibility of the information used in all these cyber elements (Goodrich and Tamassia,

2018).

Cyber security is an activity or process in which information and communication systems

and the information contained in these systems are defended and protected against any

criminal, attack or destruction. Cyber security can also be seen as the sum of tools,

policies, security concepts, safety directives, risk management approaches, actions,

courses, best practices, security and technologies that can be used to protect the assets of

cyber environments, institutions and individuals (Göçoğlu, 2018).

Cyber security can be defined as security provided in cyberspace. Cyberspace is a

non-physical field that comprises all the information systems spread across the world,

in which interdependent systems are connected with each other and with people

(Bıçakçı, 2014; Göçoğlu, 2018). Moreover, cyberspace is now

considered the fifth domain of warfare after land, sea, air, and space (Economist, 2013).

Cyber-crime is defined as, "Information is subject to automatic processing or holding an

illegal system for the transmission of data, performed all kinds of unethical or

unauthorized behavior" (Arslan, 2018). At the same time, cyber security is a concept

addressed in terms of risk and threat. The most important threat is the cyber-attack.

By cyber-attack, it is meant the act of stealing, changing and destroying information in

virtual networks to destroy the confidentiality, integrity and accessibility (Göçoğlu,

2018). Because cyberspace holds information that is vital to individuals, societies and

countries, it has become a clear target for malicious individuals, institutions and

states. The unauthorized access of malicious people to

information and documents in cyber space is very damaging to individuals, institutions

and countries and these persons may destroy, change and disclose this information

(Ünver and Canbay, 2010; Şahinaslan et al. 2013).

Cyber criminals use specific applications that allow them remote access to

other systems. The applications used by cyber criminals are referred to as malware

(malicious software). The malicious software includes viruses, worms, spyware, and

Trojans (Cyber Security Products and Services, 2016).

However, there is a developing scenario of the evolution of a new type of war, internet

cybercrime, which will cause destruction of greater magnitude than the two past world

wars if not properly nipped in the bud. It has been established that Nigeria is an

impressionable country. The advent of the internet to her was both welcome and full of

disadvantages. The exceptional outbreak of cyber-crime in recent times is quite alarming,

and the negative impact on the socio-economy of the country is highly disturbing. Over

the past twenty years, immoral cyberspace users have continued to use the internet to

commit crimes; this has evoked mixed feelings of admiration and fear in the general

populace along with a growing unease about the state of cyber and personal security. This

phenomenon has seen a sophisticated and extraordinary increase recently and has called for

quick response in providing laws that would protect the cyber space and its users.

The first recorded cyber murder was committed in the United States seven years ago.

According to the Indian Express, January 2002, an underworld don in a hospital was to

undergo a minor surgery. His rival went ahead to hire a computer expert who altered his

prescriptions through hacking the hospital’s computer system. He was administered the

altered prescription by an innocent nurse; this resulted in the death of the patient (Mohsin,

2016).

Statistically, all over the world, there has been a form of cyber-crime committed every

day since 2006 (Schaeffer, 2019). Prior to the year 2001, the phenomenon of cyber-crime

was not globally associated with Nigeria. This resonates with the fact that in Nigeria we

came into realization of the full potential of the internet right about that time. Since then,

however, the country has acquired a world-wide notoriety in criminal activities,

especially financial scams, facilitated through the use of the Internet (Roseline and

Moses-Òkè, 2012).

Nigerian cyber criminals are daily devising new ways of perpetrating this form of crime

and the existing methods of tracking these criminals are no longer suitable to deal

with their new tricks. The victims as well show increasing naivety and gullibility at the

prospects incited by these fraudsters (Thompson, 2013). Since the issue of cyber security

is raising a number of questions in the minds of Nigerians, it is only fair that we answer

these questions.

Cyber risk assessment is the step used by many organizations to find out how exposed their

systems are to cyber-attack. The typical cyber security risk assessment step is identifying

the organization's various assets that can be affected, which include systems, databases,

and other hardware containing essential data. After identifying the potential risks, the

next step is the selection of control systems to prevent the attack (Cyber Security

Products and Services, 2016).

However, there are fundamentals of becoming cyber secure. These fundamentals include

management of people, processes, and technology (Cyber Security Products and

Services, 2016). People management takes into account staffing,

professional skills and qualifications, and component resources. Process management

includes IT audit, management of systems, governance frameworks, and best practice.

The last fundamental is technology, and it involves competence and support processes. Integration of the three

primary approaches to cyber security is what makes an organization cyber secure.

Technology is the primary element in achieving the most effective cyber security. Cyber

security programs include the use of anti-virus programs, anti-spyware and data

encryption. According to the cyber essentials, the business organizations should not only

recognize the cost of software to protect their database from malware but also consider

the cost of losing the most useful information (Dorman, 2015).

Therefore, cyber security is a broad issue that encompasses individuals, institutions and

states at national and international levels. In particular, the individual use of this study is

also considered as a very important element and problem area since the other two uses

are also determinants. This research work seeks to give an overview of cyber-crime and

cyber-security, outline some challenges and proffer solutions.

1.2 Statement of the Problem

The internet has simplified business processes such as sorting, summarizing, coding,

editing, customized and generic report generation in a real-time processing mode.

However, it has also brought unintended consequences such as criminal activities,

spamming, credit card frauds, ATM frauds, phishing, identity theft and a blossoming

haven for cybercriminal miscreants to perpetrate their insidious acts (Olumide and

Olumide, 2010).

With the new technology development in many areas, threats have come up concerning

the security of information stored in many organizations (Thompson, 2013). However,

there are new offenses, such as hacking databases and taking down websites or networks.

On the other hand, there are traditional forms of crime in which IT plays an increasingly

important role in their realization. Examples are internet fraud and cyberstalking.

Cybersecurity is a critical issue for many organizations and there are different threats

associated with their systems, data, and networks. These threats include cybercrime,

cyber war, and cyber terror (Cyber Security Products and Services, 2016). With cyber security

being a major problem in many nations around the globe, research needs to be done

concerning the possible measures to mitigate the problem.

1.3 Aim and Objectives of the Study

The main aim of this study is to develop a cyber security management system: A case

study of Delta State University, Abraka. The specific objectives are:

i. To investigate the possible measures that can be put in place to maintain the

integrity of cyber security.

ii. To investigate the measures put in place by most organizations around the globe to

ensure their firms are safe from cyber-attack.

iii. To investigate the control programs used by different organizations and businesses

as cyber security measures.

iv. To design and implement a web-based system that will be a flexible tool which

will offer the service anytime and anywhere.

v. To design a system that will help the university administration reduce the

vulnerability of their Information and Communication Technology (ICT) systems.

1.4 Significance of the Study

The significance of this study is to help understand the current trends in IT/cybercrime,

develop effective solutions and improve database and enhance effectiveness, efficiency,

and security of the system. It is also intended that the study will help in the development

of a new and hopefully better, standard computer-aided system.

The findings of this project will help people reduce the vulnerability of their Information

and Communication Technology (ICT) systems and networks.

The findings of this project will be implemented by many organizations to ensure that

their data, systems, and networks are safe from cyber-attack.

The findings will be given as feedback to all organizations and institutions for them to

practice according to the proposed recommendations.

1.5 Scope of the Study

This study covers cyber security management in Delta State University Abraka, Delta

State. The system is designed to be a window-based system. It is designed to help the

university administration always get new suggestions on cyber security management

control programs used by different organizations.

1.6 Limitation of Study

Due to the scope of this project work as mentioned above, this project work is limited to

cyber security management system: A case study of Delta State University, Abraka. This

application cannot process the penalties for anybody found being grieved or the

punishment for any staff or student found being at fault of any complaints. Other

limitations are as follows:

i. The application was developed to send a notification to only the recipient email

address and not to a mobile phone.

ii. It does not provide the means of live communication between the complainant

and the responder.

1.7 Operational Definition of Terms

Cyber Security: Is an activity or process in which information and communication

systems and the information contained in these systems are defended and protected

against any criminal, attack or destruction.

Cyber: Describes entities that involve or contain computers and computer networks.

Cyber-crime: Is the processing or holding an illegal system for the transmission of data,

performed all kinds of unethical or unauthorized behavior.

Cyberspace: Is the abstract or concrete area in which interconnected hardware, software,

systems and people interact.

Management: Is an information system used for decision-making and for the

coordination, control, analysis and visualization of information in an organization.

CHAPTER TWO

LITERATURE REVIEW

2.0 Chapter Overview

Cyber security management, in recent years, has become a serious problem for

organizations to deal with, especially financial institutions and individuals. With the

advancement of the Internet, the ability to implement underhanded and deviant practices

has become prevalent. This chapter provides an overview of the literature that discusses

the subject matter and provides users with the ammunition to prevent them from

becoming victims.

2.1 Cyber Security

The terms, cyber security and information security are frequently used interchangeably

without much distinction (Solms and Niekerk, 2013). However, these are not entirely

analogous concepts. It is of importance to look into ideas underlying the two concepts in

order to fathom the views formed around them. Information security is “the protection of

information resources against unauthorized access” (Raggad, 2010). It means that only

authorized people or ICTs should have access to information resources, such as data,

hardware, software, and network. This definition is clearly related to a business

management aspect because decisions on the authorization should be dependent upon

business objectives. When certain people are considered necessary for attaining a

business objective, those people need authorization to access a certain amount of

information resources directly relevant to the business objective. By controlling

unauthorized access, information security focuses on reducing business damage in a way

that mitigates the probability and impact of security incidents.

As one of the most important international standards, ISO/IEC 27000 (2016) defines

information security as the preservation of confidentiality, integrity and availability of

information. Integrity, availability, and confidentiality (known as the ‘CIA Triad’) are

depicted as three aspects of information that should be protected to achieve security

goals. It can be explained that only authorized persons should gain access (availability) to

the accurately represented information (integrity) without disclosure to unauthorized

persons (confidentiality). They are also called characteristics of information security. If

one of those characteristics is compromised, it is said to be a security failure. There are

some other researchers (Raggad, 2010; Whitman & Mattord, 2011) who argue that more

information characteristics need to be included to address adequately the constantly

changing nature of ICTs. Whereas Whitman and Mattord (2011) suggested that accuracy

and authenticity were two other critical characteristics of information which the value of

information comes from, Raggad (2010) contended that authentication and non-

repudiation need to be added to the ‘CIA Triad’, constituting ‘the Security Star’.

Authentication implies that the identity of human or system is verified before access

permission is granted and non-repudiation is a mechanism designed to enforce the

fulfilment of accepted obligations. Non-repudiation is based on the logic that the message

sender cannot later deny that he or she sent the message. These five elements are

interpreted as security goals that lead to the achievement of business goals (Raggad,

2010).

Jung (2011) defined cyber security as protecting information and communication

networks, and information from cyber-attacks or cyber threats that occur in the

cyberspace or network. This definition emphasized protection from attacks and threats.

The International Telecommunication Union (ITU) (2011) defined cyber security as the

collection of tools, policies, security concepts, security safeguards, guidelines, risk

management approaches, actions, training, best practices, assurance and technologies that

can be used to protect the cyber environment and organization and user’s assets.

This definition highlights elements of cyber security and a range of subjects which need

to be protected. One commonality between information security and cyber security is that

the two concepts both aim to maintain the security properties of confidentiality, integrity

and availability (ITU, 2011; Jung, 2011). However, the ITU’s definition contains a broad

aspect of safeguarding technical and non-technical elements.

Due to these traits cyber security faces various extensive issues, such as jurisdictional

uncertainty, global threats and attribution difficulties. There is another difference in terms

of asset protection. In cyber security, both human and non-human entities are considered

assets which should be protected. Solms and Niekerk (2013) argue that cyber security

protects various assets such as humans and society as well as their information resources,

while information security aims to secure information-based assets only. This argument

represents that cyber security considers impacts of information technologies on humans

and society. Therefore, cyber security is capable of addressing socio-legal issues

regarding cyber threats which are not dealt with by information security. This indicates

that cyber security is a broader concept than information security, encompassing

additional dimensions (Safa et al., 2016).

2.2 Cyber Security Threats

Cyber threat sources include disaffected employees, investigative journalists,

cybercriminals, extremist organizations, hacktivists, organized crime groups, and foreign

intelligence services (ITU, 2011). Among them, sources that attempt to target SMEs are

employees, cybercriminals and organized crime groups. These sources engage in their

cybercriminal activities to pursue economic gains or to express their hatred against an

employer. Compared to them, other sources (i.e., investigative journalists, extremist

organizations, hacktivists, and foreign intelligence services) are motivated to attain

political or social causes.

Cyber security threats can be divided into two types depending on origins of threats: (1)

internal threats and (2) external threats. Previous research on cyber security did not pay

much attention to insider threats compared to external threats (Jang-Jaccard & Nepal,

2014). Internal threats refer to an intentional misuse of information systems by

employees who have authorised access rights. This type of threat is based on the

assumption that humans are the weakest link in cyber security management (Guo, Yuan,

Archer, & Connelly, 2011; Ifinedo, 2014; Warkentin & Willison, 2009). Employees have

malicious intentions for various reasons, such as disgruntlement at an employer,

pecuniary motives or antagonism of corporate values. Misuse behaviour includes pure

sabotage, stealing business or customer information, and knowingly participating in the

outsiders’ commission of a cybercrime. It is challenging to defend against insider attacks

in that insiders take advantage of their access privileges already acquired for legitimate

uses (Jang-Jaccard & Nepal, 2014). These are a form of deviant behaviour in the

workplace, which provides a reason why criminology theories can be useful in

understanding insider threats (Theoharidou, Kokolakis, Karyda, & Kiountouzis, 2005).

Theories, such as general deterrence theory, social bond theory, and social learning

theory, have been suggested to explain insider misuse of information systems.

Secondly, external threats are posed by an entity outside the security perimeter. Outside

attackers refer to all groups of cyber attackers after excluding insiders. Gehem, Usanov,

Frinking and Rademaker (2015) noted that most cyber-attacks derive from outside the

organisation. IBM (2014) reported that in 2013 over half (56%) of attacks came from

outsiders and less than a fifth (17%) of attacks emanated from insiders. They use various

threat tools and techniques to infiltrate targeted computer systems. Among them,

malware (e.g., worms, spyware, and ransomware) has been found as one of the prevalent

cyber threats to individuals, businesses and public sector organisations (Choo, 2011;

Jang-Jaccard & Nepal, 2014). In 2016, 357 million unique malware variants were

detected for the first time and a large volume of malware was distributed via email

(Symantec, 2017). However, the clear division between insider and outsider threats gets

blurred. Around a fifth (22%) of cyber-attacks is committed through cooperation between

outsiders and insiders (IBM, 2014). This malicious cooperation has a potential for

exacerbating victimisation situations by expediting an attack process or raising its success

rate.

2.3 Typologies of Cyber Security Threats

Threats in cyberspace can be classified by various formats depending on perpetrators,

victims, modus operandi and damage. A researcher with different research orientation

tends to use a different typology. There are no unified sets of typologies which are

accepted by the majority of cyber security researchers. Nye (2010) suggested four types

of cyber threats to national security: cyber terrorism, cyber war, cybercrime and

economic espionage. Cyber war is an array of hostile activities in cyberspace against an

enemy state by a nation or its agents by using information technologies. Defending

against cyber war is related to international law, being different from criminal

investigation and prosecution by domestic law. Unlike the other three types, cyber war is

out of the purview of this research.

Cyber terrorism was first termed by Barry Collin (1997) in the 1980s. The term has been

commonly used by various entities in society, such as academics, policy makers, and

media. Mass media is considered the main driver of the popular usage of the term, using

this term to capture any sort of large-scale cyber-attack cases (Conway, 2018). Mass

media tends to overhype stories and events to create media sensation. In this respect, the

term, terrorism, is preferred by media due to a high level of fear and violence attached to

it. These days, cyber terrorism has become an overused term without consideration of the

attributes and characteristics it carries. Hoffman (2016) suggested five major criteria of

terrorism: (1) political aims and motives, (2) violence or threatened violence, (3) planned

to entail long-term psychological repercussions beyond the immediate victim or targets,

(4) executed by an organization with a chain of command or conspiratorial cell structure

or by (a small collection of) individuals influenced by ideological aims, and (5)

committed by a subnational group or non-state entity. If these traditional criteria are

applied to cyber terrorism, it can be defined as illegitimate attacks or threats of violence

against computers, electronic networks and digital information by a non-state or

subnational group for its political or social aims. However, cyber terrorism is a form of

abusing information technologies and it can be understood as a subset of cybercrime.

Criminal justice departments deal with cyber terrorist attacks not as a new type of cyber-

attacks, but as part of cybercrime (Jang, 2014). It is of importance to note that cyber

terrorism and cybercrime are not mutually exclusive concepts.

The proliferation of electronically stored information has created more opportunities to

steal digitized information. Economic espionage refers to the act of acquiring trade

secrets from domestic companies or government entities to benefit a foreign state

(Danielson, 2019). It is carried out to satisfy a nation’s economic interests, which are

considered a crucial dimension of its national security. As opposed to this, industrial

espionage is a misappropriation of trade secrets, perpetrated by private entities for

economic gain. However, there is some overlap between these two concepts and their

usage by researchers is not consistent (Nasheri, 2015). In reality, it is not easy to

distinguish these two in that attribution of any cyber-attacks is extremely difficult. Both

types of espionage escalate tensions between nations and discourage business motivation

for technological innovation. Therefore, there are serious reasons that government has to

intervene. It is predominantly the US corporations that are targeted most because they

invest more resources in Research and Development (R&D) (Tucker, 1997). Due to the

damaging effects of espionage, the US set up the Economic Espionage Act of 1996. This

Act criminalizes two forms of trade secret theft: theft for the benefit of a foreign entity

(economic espionage) and theft for pecuniary gain (industrial espionage) (Doyle, 2016).

Cybercrime has been used as a generic term for describing crimes that occur in

cyberspace. The term refers to “criminal or harmful activities that involve the acquisition

or manipulation of information for gain” (Wall, 2017), focusing on activities related to

information. Due to its abstraction this definition is able to include a wide array of

deviant behaviours in cyberspace, but it lacks cyber or technical concepts. In other words,

what differentiates cybercrime from offline crime is not clearly touched upon.

Compared to Wall’s definition, Robinson et al. (2012) defined cybercrime as “a broad

range of activities that involve the misuse of data, computer and information systems, and

cyberspace for economic, personal or psychological gain”. This definition points out the

nature of activities in cyberspace in detail, incorporating cyber and technical elements.

However, the term, misuse, is vague. This term needs to be defined clearly for application

to real cases. In addition, this definition includes intentions of a perpetrator, but does not

consider criminological perspectives involving the criminogenic nature of activities and

impact on victims. This can lead to a failure to distinguish between economic espionage

and cybercrime. Understanding cybercrime varies greatly depending on the person who

wants to define it. Policy makers, researchers or practitioners will have different

approaches to comprehend cybercrime.

A useful way of understanding cybercrime is categorizing it. Due to its complex nature, it

is difficult to identify categories of cybercrime by a single approach. The Council of

Europe Cybercrime Convention (2001) suggested three categories, which are ‘offences

against the confidentiality, integrity and availability of computer data and systems’ (Title

One), ‘computer-related offences’ (Title Two) and ‘content-related offences’ (Title

Three). The first category considers offence objects (i.e., computer data and systems),

while the other two categories focus on the modus operandi of the offence (United

Nations Office on Drugs and Crime, 2013). Based on this categorization, specific acts

which belong to each category are presented below (Table 2.1). However, cybercrime

categories and acts which constitute cybercrime do not exist in a fixed format. They are

changeable over time as newly developed information technologies reshape social

interactions and human behaviours.

Table 2.1: Typology of cybercrime (United Nations Office on Drugs and Crime, 2013)

Category: Acts against the confidentiality, integrity and availability of computer data or systems
Acts:
• Illegal access to a computer system
• Illegal access, interception or acquisition of computer data
• Illegal interference with a computer system or computer data
• Production, distribution or possession of computer misuse tools
• Breach of privacy or data protection measures

Category: Computer-related acts for personal or financial gain or harm
Acts:
• Computer-related acts involving hate speech
• Computer-related production, distribution or possession of child pornography
• Computer-related acts in support of terrorism offences

2.4 Technology's Impact on Cyber Security Risk

The commercial possibilities of the Internet are vast and marketing products and/or

services via Internet email is an inexpensive and easy way to advertise to millions of

people (Attaran, 2010). However, the increase in online marketing practices and e-

commerce has spawned prolific online fraud (Baker, 2010). Misleading and fraudulent

practices in electronic commerce have increased appreciably according to the National

Users League (Attaran, 2010). Because consumers have become used to receiving

legitimate marketing emails and commercial communications, it is relatively easy for

people committing fraud to send credible-looking messages to many potential investors

(Baker, 2010).

The World Wide Web has made it easier for people to become entrepreneurs and has led

to a rapid growth of companies, many of which run “virtual offices” and sell products via

the Internet, which in turn has fuelled Internet fraud (Baker, 2010). Even though growing

very rapidly, electronic commerce is still developing, and many entrepreneurs are yet to

establish an online presence. Ultimately, if they cannot embrace the technology that the

Internet offers, they will lose out to competitors who have modernized their sales and

marketing strategies. However, many scams aim to take advantage of an entrepreneur's

Internet innocence. It is therefore prudent that Internet-related business opportunities are

as carefully considered as any other business opportunity would be, and that

entrepreneurs learn about the associated risks and adequately protect their businesses

from would-be online criminals (Attaran, 2010).

2.5 Cyber Security Risk Management Framework

Risk management refers to a series of activities for controlling risk within an

acceptable level (Raggad, 2010). Cyber security management is not just a selection of

security controls. A one-dimensional process posits that there is a simple causality or

relationship when it comes to decision-making. However, cyber security management

involves a series of decision-making processes to select, implement, and maintain the

proper controls. Security threats change over time and supportive resources are limited.

Therefore, there is no hard and fast rule regarding an evaluation of effective security

activities. In this respect, this study sees cyber security management as a multi-dimensional

decision-making process rather than a one-dimensional one.

There is a wide range of risk management frameworks and of views on how they

should be defined. Such frameworks are proposed by government organizations (e.g.,

National Institute of Standards and Technology [NIST] and National Aeronautics and

Space Administration), international organisations (e.g., European Union Agency for

Network and Information Security [ENISA]), or international professional associations

(e.g., ISACA) as well as prominent scholars (e.g., Raggad). In this section, four

representative risk management frameworks are suggested.

Raggad (2010) suggested a risk management life cycle which consists of:

(1) risk planning,

(2) risk analysis,

(3) risk treatment and

(4) risk monitoring.

Risk planning involves developing a preparatory strategy which covers identifying risk

and assets involved and determining a set of available responses. Secondly, risk analysis

includes risk identification and risk assessment. Risk can be identified via various

methods such as vulnerability or threat analysis, event tree analysis, and attack trees.

These methods all aim to identify risk, but use different concepts (i.e., vulnerability,

threat, or attack). Upon identification, risk is assessed through determining the level of

risk and the potential impact of the risk. A technique that is widely used is a risk matrix.

It calculates the risk criticality of each asset by measuring the likelihood and impact of the

risk involved. Risk assessment is useful to prioritize treatment efforts and to measure

expected benefits resulting from the treatment against the risk impact. These two sub-

stages refine the nature of risk events and their consequences. Thirdly, risk treatment

involves the implementation of security controls. Decisions on what sort of security

controls will be taken, how, and when to take them depend on the risk involved because

this phase aims to keep the identified risks at acceptable levels. The last phase is risk

monitoring. Risk needs to be continuously monitored as existing risks change and new

ones appear. This process evaluates whether risk is properly under control by revisiting

the prior phases. Together, the phases constitute an iterative process, hence the term ‘life

cycle’. This life cycle is a continuing process that needs to reflect the internal and

external dynamics of an organization as well as the changing nature of security risks.

Figure 2.1 Raggad’s risk management life cycle (Source: Raggad, 2010)

The COBIT 5 framework from ISACA (2013) consists of phases similar to those of Raggad’s

risk management life cycle. It includes:

(1) risk identification,

(2) risk assessment,

(3) risk response and

(4) risk monitoring and reporting.

Techniques and methods from Raggad’s framework can also be used in most of the

phases here. However, there are some subtle differences. One is an emphasis on risk

reporting. Risk analysis needs to be reported to managers and owners in order to support

their decision-making. From a practitioner’s point of view, internal reporting of risk is a

crucial reflection of whether senior management accepts cyber security as a priority.

The third phase, risk response, is the same concept as risk treatment in Raggad’s

framework. It refers to acting upon the identified risks, aiming to align the residual risks

within acceptable tolerance. There are four strategies: (1) acceptance, (2) transfer, (3)

mitigation, and (4) avoidance. Risk appetite is the amount of risk that an organisation is

willing to accept without acting upon it. If risk is below risk appetite, the risk will be

accepted. Risk can be transferred to or shared with a third party organisation (e.g.,

purchasing insurance, outsourcing to other organisations, or using cloud computing).

Also, risk can be mitigated by deploying security controls (e.g., access control policies,

firewall or recovery plans). The most drastic strategy is risk avoidance. Risk can be

avoided by shutting down the part of the IT system which exposes the vulnerabilities or risks in

question. Although these strategies are explained in the book by Raggad (2010), they are

not indicated as strategies for risk treatment.
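
The risk matrix described under Raggad's risk analysis and the four response strategies above can be worked through on a small register. This is an added example, not part of the original project: the 1-5 scales, the appetite value of 6, the control effects, the order in which strategies are tried and the register entries are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SCALE = range(1, 6)  # assumed 1-5 ordinal scale for likelihood and impact
APPETITE = 6         # assumed risk appetite: a score below this is accepted


@dataclass(frozen=True)
class Control:
    name: str
    likelihood_cut: int = 0  # assumed steps removed from likelihood
    impact_cut: int = 0      # assumed steps removed from impact


@dataclass
class Risk:
    asset: str
    event: str
    likelihood: int
    impact: int
    controls: list = field(default_factory=list)
    transferable: bool = False  # e.g. insurance or outsourcing is available
    essential: bool = True      # False: the exposed service can be shut down

    def __post_init__(self):
        if self.likelihood not in SCALE or self.impact not in SCALE:
            raise ValueError(f"{self.asset}: likelihood and impact must be 1-5")

    @property
    def inherent(self):
        """Risk matrix cell: likelihood x impact before any control."""
        return self.likelihood * self.impact

    @property
    def residual(self):
        """Score left after the listed controls; each axis floors at 1."""
        lik = max(1, self.likelihood - sum(c.likelihood_cut for c in self.controls))
        imp = max(1, self.impact - sum(c.impact_cut for c in self.controls))
        return lik * imp


@dataclass(frozen=True)
class Decision:
    asset: str
    strategy: str  # accept | mitigate | transfer | avoid
    inherent: int
    residual: int
    report_to_management: bool  # the outcome needs a management decision


def decide(risk, appetite=APPETITE):
    """Pick one of the four response strategies (decision order is assumed)."""
    if risk.inherent < appetite:
        return Decision(risk.asset, "accept", risk.inherent, risk.inherent, False)
    if risk.controls and risk.residual < appetite:
        return Decision(risk.asset, "mitigate", risk.inherent, risk.residual, False)
    if risk.transferable:
        return Decision(risk.asset, "transfer", risk.inherent, risk.residual, True)
    if not risk.essential:
        return Decision(risk.asset, "avoid", risk.inherent, 0, True)
    # Controls alone do not reach the appetite: mitigate and escalate.
    return Decision(risk.asset, "mitigate", risk.inherent, risk.residual, True)


def treatment_plan(register, appetite=APPETITE):
    """Prioritise by inherent score, highest first, then decide each risk."""
    ordered = sorted(register, key=lambda r: r.inherent, reverse=True)
    return [decide(r, appetite) for r in ordered]


ACCESS_POLICY = Control("access control policy", likelihood_cut=2)
FIREWALL = Control("firewall", likelihood_cut=1)
RECOVERY_PLAN = Control("recovery plan", impact_cut=1)

# Constructed register for illustration; not data from the case study.
REGISTER = [
    Risk("staff email", "nuisance spam", 3, 1),
    Risk("course portal hosting", "prolonged outage", 3, 4,
         [RECOVERY_PLAN], transferable=True),
    Risk("student records database", "illegal access", 4, 5,
         [ACCESS_POLICY, FIREWALL]),
    Risk("legacy file server", "unpatched service", 4, 4, essential=False),
    Risk("exam results system", "data tampering", 5, 5, [FIREWALL]),
]

if __name__ == "__main__":
    for d in treatment_plan(REGISTER):
        flag = " (report to management)" if d.report_to_management else ""
        print(f"{d.asset:26} {d.inherent:>2} -> {d.residual:>2}  {d.strategy}{flag}")
```

The report flag reflects the emphasis on risk reporting in the ISACA phases: any risk that controls cannot bring below the appetite is surfaced to managers rather than silently carried.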

Figure 2.4 ISACA’s risk management life cycle (Source: ISACA, 2013)

NIST’s framework is also based on a risk approach. It involves the management of

organisational risk in relation to information systems. It consists of six steps (NIST, 2017,

pp. 9-10):

(1) categorise information and its system based upon an impact analysis,

(2) select a control baseline and adjust it based on risk assessment and

organizational conditions,

(3) implement the security controls and document how the controls are deployed,

(4) assess the security controls using appropriate procedures,

(5) authorize the information system operation based upon a determination of the risk and

(6) monitor the selected controls in the information system on a regular basis.

This framework is constructed as part of an organization-wide risk management approach

(NIST, 2017), putting emphasis on strong engagement of organizational resources. Risk

concerns are dealt with at three levels: (1) organization level, (2) mission/business

process level, and (3) information system level. This approach requires risk management

to be combined into organization management. In contrast to other frameworks which

predominantly focus on aspects of risk, this framework extends the scope of risk

management. First and foremost, it involves a successful execution of risk management.

Methods and processes of undertaking risk management are developed in line with

organization management aspects, such as cost-effectiveness, business missions, business

success, and organizational structure. Secondly, this framework aims to protect not only

information assets, but also individuals. The impacts or consequences of risks to

individuals are considered in this framework.

Figure 2.3: NIST’s risk management framework (Source: NIST, 2017)

A risk management framework by ENISA (2016) is quite similar to the first two

frameworks in terms of its constituent phases. However, it is distinctive in

that this framework acknowledges risk assessment as a significant part of risk

management. Risk assessment is perpendicular to several risk management phases (see:

Figure 2.4). This shows that risk assessment is carried out at discrete time points (e.g.,

quarterly or yearly) to evaluate current risk (ENISA, 2016). One important common

feature of all the frameworks is that they are presented as iterative processes without an

end point.

Figure 2.4: ENISA’s risk management framework (Source: ENISA, 2016)

2.6 Management of Cyber Security

2.6.1. Cyber Security Management Measures

Cyber security risk originates from the deep infiltration of IT systems and devices into

business activities. This creates a management environment in which cyber security is no

longer confined to an IT department, but requires senior management attention (Lee,

2013). It implies that cyber security should be accepted as one of the management

priorities that senior managers are aware of. In this respect, it is highly recommended for

cyber security professionals to have competent business and management skills (Rainer

Jr, Marshall, Knapp, & Montgomery, 2017). This approach argues that cyber security

should be considered in a management context (Chang & Ho, 2016; Singh et al, 2013;

Soomro et al., 2016), becoming a core part of business management. This argument is in

line with Borodzicz and Gibson’s (2006) claim that management of risk and security

ought to be considered as part of mainstream business management. It is therefore worth

looking at how cyber security can be intermingled with business management.

2.6.1.1. Security Policy

Security policy outlines what kind of security controls a company adopts and how they

should be implemented, providing a direction and support to cyber security activities.

Security policy theorists argue that cyber security policy should be established,

implemented, and maintained (Hong, Chi, Chao, & Tang, 2003). Creating a policy that

reflects both internal and external contexts is just the start of cyber security management.

Establishment of policy requires management concern and support toward cyber

security. Policy should be formulated first, but implementation of it cannot be

overemphasized. It is of importance for employees to realize the significance of abiding

by the policy. Once security policy is adopted, execution of the policy is in the hands of

employees. One key concern is how to encourage employees to increase their

compliance with cyber security policies.

It is argued that cyber security awareness and training are significant factors to raise

policy compliance (Soomro et al., 2016). Siponen, Mahmood, and Pahnila (2014) argued

that awareness of employees positively influenced their compliance with security policy,

and it is also noted that a training program had a positive impact on employees’

compliance behaviour (Albrechtsen & Hovden, 2010; Puhakainen & Siponen, 2010).

Siponen et al. (2014) further emphasized the role of senior managers in that they were

primary facilitators for raising employee awareness. At the same time, senior managers

need to ponder over how to communicate the policy to end users in a company in order

to properly implement it. Managerial intervention is an effective measure to make

employees perceive vulnerability and severity of cyber security threats. Several scholars

(Doherty, Anastasakis, & Fulford, 2019; Singh et al., 2013) claimed that the existence of a

policy had a causal impact on the effectiveness of cyber security.

As new technologies are introduced, a policy needs to be changed accordingly. It is

important to review the policy regularly with the changing business environments (Singh

et al., 2013). This is because every new technology has its own security weaknesses

along with business benefits. In addition, companies need to ensure that their

subcontractors and consultants are covered by the policy. It is especially true when

computer servers of the subcontractors and consultants are foreign-based. Companies

need to make sure of two things: (1) the servers are physically safe from natural and

man-made disasters; and (2) they are embedded in secure network environments. The

same argument can be applied to cloud computing services. How to control new

technologies and services provided by third parties is a continuous challenge when it

comes to a cyber security management policy.

2.6.2. A Balanced Approach to Security Controls

Technical solutions at operational level have been emphasized in dealing with the cyber

security challenges (Singh et al., 2013). In the early era of research, researchers from

computer science focused on developing and configuring technical security measures to

improve operational levels of detection and protection. This trend was reasonable in that

technical elements are the core parts when it comes to cyber security. As the literature on

technical aspects of cyber security management increased, deploying technical controls

for detection and mitigation became the suitable solution. Technical controls, such as

network security (e.g., firewall, Intrusion Detection System), data protection (e.g.,

encryption), and access controls (e.g., biometrics), were proposed as feasible measures to

prevent security breaches. Thus far, companies adopted technology-oriented security

strategies in designing safe business environment, stressing the principal role of

technology (Siponen, 2015). However, despite the advancement of technical controls, the

frequency and severity of cyber security breaches continued to rise.

The complexity of technology is one of the biggest challenges not only for security

practitioners but also for senior managers who make decisions on cyber security

management (Werlinger et al., 2019). Without proper knowledge of technology, it is

very hard to understand the nature of cyber threats. To make matters worse, if senior

managers do not have enough understanding of technology, management decisions

might be misaligned with the configurations of technical systems.

2.6.3. Knowledge for Risk Reduction

Knowledge is “the theoretical or practical understanding of a subject, fact, information,

value, or skill achieved through education or experience” (Safa et al., 2016). It is an

invaluable asset that can bring a competitive edge to businesses by supporting cost

reduction, asset distribution and decision-making processes. In knowledge management,

making the best use of knowledge is to share it (Wang & Noe, 2010). Knowledge

sharing needs to be emphasized in cyber security in that any employee without a proper

knowledge can be the weakest point against cyber threats. Cyber security knowledge sharing

is of significance in raising users’ awareness as well as reducing cyber security risks

(Safa et al., 2016).

There is a great body of studies which address the relationship between knowledge and

risk mitigation (Arachchilage & Love, 2014; Asgharpour, Liu, & Camp, 2017; Ben-

Asher & Gonzalez, 2015; Cranor, 2008; Han & Yoo, 2016; Parsons et al., 2015). Several

studies noted that knowledge had a positive impact on various dimensions of cyber

threats. Arachchilage and Love (2014) found that the combination of conceptual and

procedural knowledge positively influenced phishing threat avoidance behaviour.

Evaluating the role of knowledge on threat detection, Ben-Asher and Gonzalez (2015)

found that cyber security knowledge increased correct detection of malicious attacks.

They argued that threat detection was the dimension in which knowledge could be taken

advantage of. However, there is another aspect which requires consideration. The causal

relationship between knowledge and risk mitigation is facilitated through decision-

making processes (Ben-Asher & Gonzalez, 2015). In other words, risk mitigation is a

desirable result of the decision-making process which is conditioned by knowledge. For

example, more knowledge of security policies is related to behavioural compliance to

those policies (Parsons et al., 2014). This is why knowledge is recognized as an

indispensable element in making risk-reducing decisions (Cranor, 2018). From a slightly

different aspect, it was argued that cyber security knowledge by top management could

mitigate risks by changing perceptions and behaviours of employees (Han & Yoo, 2016).

2.6.4. Cyber Security Culture as an Adaptation of Organizational Culture

It is argued that an effective cyber security culture has a significant influence on the

management of cyber security (AlHogail & Mirza, 2014; Mahfuth, Yussof, Baker, &

Ali, 2017; Parsons et al., 2015). In a study by Knapp, Marshall, Rainer and Morrow

(2004), organizational culture was identified as the 7th key issue by 874 certified

information security professionals. Cyber security culture is a certain form of

organizational culture. Before examining the theoretical foundation of cyber security

culture, organizational culture needs to be understood. There is a lack of consensus on

the definition of culture as a concept (Pfeffer, 2017). Attempts have been made to

conceptualize organizational culture from various aspects. Organizational culture can be seen

as a set of criteria that distinguish one organization from another (Robbins and Judge,

2013) and as a mechanism that binds old and new members of the organization together

(Stroh, Northcraft, and Neale, 2002). The organizational culture not only influences

perceptions, behaviours, and decision-making of employees (Parsons et al., 2015), but

is also shaped by them along with organizational visions, goals, and strategies.

2.7 Chapter Summary

The literature review examined the nature of the risks and threats. Various aspects of cyber

security management, such as risk management frameworks and organizational

behaviours, were investigated in order to understand the management processes. This

investigation is expected to lay the foundation for the effective and efficient

implementation of cyber security management. Cyber security is an emerging area and

resolving cyber security problems requires an interdisciplinary approach.

CHAPTER THREE

METHODOLOGY AND SYSTEM ANALYSIS

3.1 Chapter Overview

This chapter describes the software development methodology used in this research.

Furthermore, the functional and non-functional requirements of the system are explained

in detail, together with the use cases, which are lists of steps, typically defining interactions

between a role and a system, to achieve a goal. Class diagrams are given to show

the detailed data modeling of the system, which will be translated into code.

3.2 Methods of Data Collection

The method of study is based on information from various papers, Internet websites and

articles written on the office automation system. In other words, the research takes a

secondary research approach.

Findings during the investigation process were gathered so as to fully identify the

problem areas of the existing system. There are some flaws that were identified which the

proposed system intends to correct. This stage is an important intermediate stage

between investigation and design.

Naturally, observation is the process of noting and recording an event, and for this project

observation is by participation in the quest for patients monitoring service in order to

understand the whole process.

3.2.1 Methodology

This document plays a vital role in the software development life cycle (SDLC) as it describes the

complete requirements of the system. It is meant for use by the developers and will be the

basis during the testing phase. Any changes made to the requirements in the future will have

to go through a formal change approval process.

The waterfall model was chosen because all requirements were known beforehand and

the objective of our software development is the computerization/automation of an

already existing manual working system.

Figure 3.1: Water Fall Model

The waterfall model was developed by Winston Royce in 1970 and consists of the following

steps: requirements analysis and specification, software design, software implementation

and integration, and testing.

Requirement analysis and specification involves understanding customer needs and the

behavior of the proposed system to meet such needs. It also entails identifying design

constraints and producing a software requirements specification (SRS) document.

Software design is the actual process by which the customer needs are realized by the

system. This would include flowcharts, algorithms, the database structure, and the

graphical user interface (GUI). The overall system must be visible at this stage.

Software implementation and integration is where all system functions or modules (e.g.

input/output, error messages) are coded and subsequently integrated. All software

modules must be robust, as compact as possible, and formatted to be readable with

commenting where necessary. Testing ensures that all invalid data types are rejected or

subject to error messages and that the entire product is stable under all possible

conditions.

The waterfall model has the advantage of a high-level abstraction which aids in design

implementation. It is also simple such that deliverables at each stage are explicitly stated.

One drawback is the inability to offer design alternatives if changes are to be made to the

software requirements. Another hindrance is that testing is usually performed near the

project’s end which is time consuming and restrictive. Changes made at this stage may

require incidental changes to the previous three steps so that another traversal of the

waterfall process is needed.

Other software development models examined were the rational unified process (RUP),

and iterative models. Their main strength is controlled, repetitive testing at all

development stages. This means that requirement changes, performance bottlenecks, and

system flaws can be identified early and addressed over several iterative steps leading to

faster production and better quality. For this project, the Waterfall model was chosen in

spite of its inherent flaws. The rigid structure and deliverables at every stage were

deemed better than the advantages of other models. For a small project with a team of

one person, the most important deliverable was robust, working code. To this end, the

project utilized a somewhat enhanced Waterfall model by rigorous testing at the software

implementation and integration stage. This was an attempt to minimize project changes

and the time taken for testing.

3.3 Analysis of the Existing System

Cyber security is quite challenging; this is due to the varied degrees of security features and

management schemes within the cloud entities in cyberspace. The majority of cyber-

criminal activities do not involve physical damage or stealing of equipment, but are rather

intellectual manipulations, which the researcher has decided to term white collar crime.

This makes it difficult to track down the cyber criminals. More so, there is no

comprehensive policing system to check the activities of cyber users nor stringent

regulations on the prosecution of the criminals if at all they can be detected. In this

circumstance, one logical protocol base needs to evolve so that the entire interconnection

of components operates synchronously and securely. Reporting these attacks is an

essential first step to overcoming the growing problem of cyber insecurity.

Conventionally, in Delta State University issues of cybercrime are reported to the

Information Technology (IT) unit. The personnel in the IT unit in turn file the report

and investigate the cybercrime.

[Flow diagram; recoverable labels: Lecturers/Student; Report a crime; IT Unit; IT Unit file all the files and report; Start investigation; Store]

Figure 3.2: Structure flow of the existing system

3.3.1 Problem of the Existing System

• It is limited to a single system.

• It is less user-friendly.

• It involves a lot of manual work (a manual system does not only mean working with

pen and paper; it also includes working on spreadsheets and other

simple software).

• It requires a larger number of employees.

• It is a time-consuming process.

• The present system is much less secure.

• It is unable to maintain user-specific information and their policy information.

3.4 Analysis of the Proposed System

The proposed system is a cyber security management system. It is designed to be a

window-based system that helps the university administration to always get

new suggestions on cyber security management control programs used by different

organizations.

In the proposed automation system, lecturers/students with login credentials can update

information about cyber-crime. The proposed system tracks all the reports of staff and

students. The information in the database of the system is captured using three parameters

supporting data mining, viz.: exploration, knowledge discovery and knowledge

exploitation (informing authorities on information discovered).

[Data flow diagram; recoverable labels: Admin; Admin information; Staff/student; Submit report; Report; View report; Status; Search; Accept registration; Request; Creators report; Authenticate Users (login); CYBER SECURITY MANAGEMENT SYSTEM]

Figure 3.3: Data flow diagram of the proposed system

3.4.1 Advantages of the Proposed System

i. The system will provide data storage and manipulation for the department staff.

ii. This system will provide data management: Data management is one of the major

components of office automation system that offers strategic advantages by

simplifying the management of stored data and information.

iii. The system will also create means for data exchange: Exchange of stored or

manipulated data and information is also an important component of an office

automation system. Sending files or exchanging data or information between one

or more than one member of an organization has become possible with an

electronic transfer application. Through a network connection, all data and

information, including text documents, presentations, spreadsheets, images, and

videos can be sent in real-time within a few seconds, illustrating the collaborative

nature of an office automation system.

iv. The system will provide data efficiency and accuracy.

v. The system will reduce the probability of errors.

vi. This system will help to save time and resources: The system will empower the

university system to save both time and money. It simplifies and automates those

complex tasks, which earlier required a dedicated resource and a great amount of

time.

vii. The system will help to reduce costs: Since every process is now automated, there

is no need to invest much on hiring new resources for taking care of those tasks,

which can be easily executed using an automation system.

3.5 High Level Model of the Proposed System

The unified modeling language allows the software engineer to express an analysis model

using the modeling notation that is governed by a set of syntactic, semantic and pragmatic

rules. A UML system is represented using five different views that describe the system

from distinctly different perspectives. Each view is defined by a set of diagrams, which are

as follows.

i. User Model View

a. This view represents the system from the user’s perspective.

b. The analysis representation describes a usage scenario from the end-user’s

perspective.

ii. Structural model view

a. In this model the data and functionality are viewed from inside the system.

b. This model view models the static structures.

iii. Behavioral Model View

a. It represents the dynamic or behavioral aspects of the system, depicting the

interactions or collaborations between various structural elements described in the

user model and structural model views.

iv. Implementation Model View

a. In this the structural and behavioral aspects of the system are represented as

they are to be built.

v. Environmental Model View

a. In this the structural and behavioral aspects of the environment in which the system is to

be implemented are represented.

UML is specifically constructed through two different domains, which are:

• UML analysis modeling, which focuses on the user model and structural model

views of the system.

• UML design modeling, which focuses on the behavioral modeling,

implementation modeling and environmental model views.

[Use case diagram; recoverable labels: Add User; Delete User; Submit report Data; View report status; Perform Query; Generate Report]

Figure 3.4: Use case diagram of the proposed system
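
The use cases in Figure 3.4 and the login-then-report flow of Section 3.4 imply an authorisation check behind every operation. The sketch below is an added example, not the project's own code: the class and method names, the two roles, the three statuses and the PBKDF2 work factor are assumptions, and all data lives in memory.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

ROUNDS = 600_000  # assumed PBKDF2 work factor
WORKFLOW = ("submitted", "under investigation", "closed")  # assumed statuses


class AccessDenied(Exception):
    """Authentication or authorisation failed."""


@dataclass
class Report:
    report_id: int
    owner: str
    description: str
    status: str = WORKFLOW[0]


class ReportSystem:
    def __init__(self, admin_name, admin_password):
        self._users, self._reports, self._sessions = {}, {}, {}
        self._store_user(admin_name, admin_password, "admin")

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

    def _store_user(self, name, password, role):
        salt = secrets.token_bytes(16)  # per-user salt; no plaintext is kept
        self._users[name] = (role, salt, self._derive(password, salt))

    def login(self, name, password):
        # Unknown names still cost one derivation, so response time does not
        # reveal which usernames exist.
        role, salt, key = self._users.get(name, (None, b"\0" * 16, b""))
        ok = hmac.compare_digest(self._derive(password, salt), key)
        if role is None or not ok:
            raise AccessDenied("invalid credentials")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = name
        return token

    def _require(self, token, *roles):
        name = self._sessions.get(token)
        if name is None:
            raise AccessDenied("not logged in")
        if roles and self._users[name][0] not in roles:
            raise AccessDenied("role not permitted")
        return name

    def add_user(self, token, name, password, role="reporter"):
        self._require(token, "admin")
        if role not in ("admin", "reporter") or name in self._users:
            raise ValueError("bad role or duplicate user")
        self._store_user(name, password, role)

    def delete_user(self, token, name):
        self._require(token, "admin")
        self._users.pop(name, None)
        # Revoke the deleted user's sessions so old tokens stop working.
        self._sessions = {t: n for t, n in self._sessions.items() if n != name}

    def submit_report(self, token, description):
        owner = self._require(token, "reporter")
        report_id = len(self._reports) + 1
        self._reports[report_id] = Report(report_id, owner, description)
        return report_id

    def view_status(self, token, report_id):
        name = self._require(token)
        report = self._reports.get(report_id)
        is_admin = self._users[name][0] == "admin"
        # Same error for "missing" and "not yours": report IDs cannot be probed.
        if report is None or not (is_admin or report.owner == name):
            raise AccessDenied("no such report")
        return report.status

    def advance_status(self, token, report_id):
        self._require(token, "admin")
        report = self._reports[report_id]
        step = WORKFLOW.index(report.status)
        if step == len(WORKFLOW) - 1:
            raise ValueError("report already closed")
        report.status = WORKFLOW[step + 1]
        return report.status

    def search(self, token, keyword):
        self._require(token, "admin")
        return [r.report_id for r in self._reports.values()
                if keyword.lower() in r.description.lower()]
```

A staff or student account can submit and follow only its own reports, while user management, search and status changes stay with the admin role.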

CHAPTER FOUR

SYSTEM DESIGN AND IMPLEMENTATION

4.1 Chapter Overview

This chapter discusses the system design and implementation of the cyber security

management system. An application should be designed and implemented so that it is

modifiable and suitable as a model for other similar systems. To meet the

needs of such applications, new standards and design models have evolved. All new

applications should be designed by using service layers. This is the type of structure that

will lead to better applications that can be more easily extended and updated in new

versions.

To do this, it is especially important to distinguish between the business and data

services. Separating these services in the application design allows for more flexibility

during development and can aid important factors such as scalability for an application.

User services interact directly with, and provide services for, the user interface.

4.2 System Design (Design Overview)

The system is designed with the 3-tier architecture. A 3-tier architecture is a type of

software architecture which is composed of three “tiers” or “layers” of logical computing.

They are often used in applications as a specific type of client-server system. 3-tier

architectures provide many benefits for production and development environments by

modularizing the user interface, business logic, and data storage layers. Doing so gives

greater flexibility to development teams by allowing them to update a specific part of an

application independently of the other parts. This added flexibility can improve overall

time-to-market and decrease development cycle times by giving development teams the

ability to replace or upgrade independent tiers without affecting the other parts of the

system.

For example, the user interface of the application could be redeveloped or modernized

without affecting the underlying functional business and data access logic underneath.

This architectural system is often ideal for embedding and integrating 3rd party software

into an existing application. This integration flexibility also makes it ideal for embedding

analytics software into pre-existing applications and is often used by embedded analytics

vendors for this reason. 3-tier architectures are often used in cloud or on-premises based

applications as well as in software-as-a-service (SaaS) applications.

• Presentation Tier: The presentation tier is the front-end layer in the 3-tier system and consists of the user interface. This user interface is often a graphical one, accessible through a web browser or web-based application, which displays content and information useful to an end user. This tier is often built on technologies such as JavaScript or other popular development frameworks, and communicates with the other layers through API calls.

• Application Tier: The application tier contains the functional business logic which drives an application’s core capabilities. It is often written in Java, .NET, C#, Python, C++, etc.

• Data Tier: The data tier comprises the database/data storage system and the data access layer. Examples of such systems are MySQL, Oracle, PostgreSQL, Microsoft SQL Server, MongoDB, etc. Data is accessed by the application layer via API calls.

Fig. 4.1: System Design Overview

There are many benefits to using a 3-layer architecture, including speed of development, scalability, performance, and availability. Modularizing different tiers of an application gives development teams the ability to develop and enhance a product with greater speed than developing a singular code base, because a specific layer can be upgraded with minimal impact on the other layers. It can also help improve development efficiency by allowing teams to focus on their core competencies. Many development teams have separate developers who specialize in front-end, server back-end, and data back-end development; by modularizing these parts of an application, you no longer have to rely on full-stack developers and can better utilize the specialties of each team.

4.2.1 System Description

The developed system was designed with Visual Studio 2010. In addition, based on the knowledge that we have acquired and the software that we are familiar with, the operating system of the server is Windows 7 Server, and the database management system is Microsoft SQL Server 2008. SQL Management Studio Server 2008 is one of a few mainstream database management systems at present. The web application server is IIS5.0, and Visual Studio 2010 and CSS5 are used as the application software development platform.

Visual Studio 2010 and CSS5 is a page editor launched by Microsoft Corporation which combines Windows application making and website management. It combines visual layout tools, application development functions and code editing support into a powerful tool that is easy and convenient to operate; thus, developers and designers at any level can use it to quickly create an attractive interface on the basis of the standard site and applications. Moreover, ASP can be used to deal with the presentation layer, that is, a part of the HTML page.

The system database requires many interconnected functional structures. Normally, the

database and web server are on separate computers or servers but for this project, the host

computer acts both as the web server and the database server.

[Figure 4.2: Database Functional Structures. Labels shown: Graphical User Interface; DATABASE APPLICATION; SQL MS Web Server (Apache).]

This system manages the information about various lecturers’ teaching materials and information about subject marks obtained by students in different semesters, and then generates a final report for each and every student.

In this system, lecturers can update the teaching materials and information about subject marks obtained by students in different semesters, which can be viewed by the department head. The proposed system tracks the entire academic data of lecturers. These include: the publications made, conferences attended and the papers presented at conferences, the research in progress and the courses taught. In addition to these, lecturers have to provide their qualifications, just in case there has been an upgrade.

In the result analysis automation module, the cycle test and internal assessment marks are updated, and the pass percentage of each subject, each class, each year and the entire department is calculated.

4.3 System Implementation

The new system is designed to be put into efficient use. Here, we look into the various technical aspects that influenced the successful implementation of this system and determine its effective operation. System implementation follows the approval of the system proposals and objectives; its aim is to arrive at a satisfactory, implemented, completed and functionally evaluated automated system. It also embodies the preparation of resources, including equipment and personnel.

4.3.1 Graphical User Interface Design

Mentally visualizing the page layout was an obstacle to coding the pages. Rough sketches

were made on paper which included the main functions of each page, links to other

pages, links to other functions, and the layout of the required information fields. While

this had to be done for all web pages, it gave an appreciation of the web design and the

need for a comprehensive navigation bar on all pages. To ensure that the user was not

lost, each page (except the main page) contained a descriptive name for the page function

(e.g. Signup page, login). A link or navigation bar was inserted below this descriptive

page title.

4.3.2 Navigational Structure Design

To minimize user navigation through the conventional task pane, the main page is sectioned into functional tables with available options. Sectioning the performable operations in this way reduces unguided navigation and the search for available sub-options. For example, selecting an option takes one mouse click with this system and a minimum of one mouse click with the conventional system.

Thus, only pre-defined operations are available to the user as they go deeper into

sectioned functions. Pages that link to the main or homepage have a link bar at the top

after a description of the current page function. This link bar is also restricted in that

listed functions are related to the page function. For instance, if the user wants to view his

schedule, only schedule related functions (edit schedule, print schedule) will be available

when the view schedule function page is accessed. While this does reduce available

navigation options, to ensure that the user does not feel confined or lost, the navigational

structure includes a link to the previous page (Back), a home page link, a help link, and a

non-prompt logout link. Both the help and logout links are important universal functions

which are highlighted in a different colour for easy recognition and strategically placed at

the farthest right.

4.3.3 Entry module

The entry module is responsible for all input data requirements. It receives input data from the computer users and stores them in a file. The provisions are made very flexible and precise, as shown below:

[Fig. 4.2: Registration form, titled CYBER SECURITY MANAGEMENT SYSTEM. Fields: NAME, MAT.NO /STAFF ID, GENDER, DEPARTMENT, PASSPORT, USERNAME, PASSWORD. Button: SUBMIT.]

[Fig. 4.3: Login form, titled CYBER SECURITY MANAGEMENT SYSTEM. Fields: USERNAME, PASSWORD. Button: LOGIN.]

4.3.4 Report module

The report module handles all forms of report generation. It displays conditional and unconditional reports. The reports are made comprehensive and timely.

[Fig. 4.4: Report form, titled CYBER SECURITY MANAGEMENT SYSTEM. Fields: USERNAME, NAME, MESSAGE. Button: SUBMIT.]

4.3.5 Update module

The update module is responsible for modifying stored data or records in the files. The records are searched for in the file and retrieved, then the update data are retrieved and the necessary corrections are made automatically by the computer. It is also responsible for keeping track of all the transactions that take place. It is also known as the main menu transaction.

[Fig. 4.5: Update form, titled CYBER SECURITY MANAGEMENT SYSTEM. Fields: NAME, MAT.NO /STAFF ID, GENDER, DEPARTMENT, PASSPORT, USERNAME, PASSWORD. Button: UPDATE.]

4.3.6 Exit module

This is the module responsible for packing up or quitting the program entirely.

3.3 System Database Design

In an information management system, the database plays an important role in data storage and retrieval. The structure of the database directly affects the efficiency of the system and the achievement of results. A good database structure design can improve the efficiency of data storage and ensure data integrity and consistency. The database used in the system was SQL 2008.

Table 4.1: Registration table

FIELD NAME          DATA TYPE     DESCRIPTION
S/N                 AutoNumber
NAMES               Text
MAT NO./STAFF ID    Text
DEPARTMENT          Text
GENDER              Text
PASSPORT            Image
USERNAME            Text
PASSWORD            Text

Table 4.2: Report table

FIELD NAME          DATA TYPE     DESCRIPTION
S/N                 AutoNumber
NAME                Text
USERNAME            Text
MESSAGE             Text

Table 4.3: Login table

FIELD NAME          DATA TYPE     DESCRIPTION
S/N                 AutoNumber
USERNAME            Text
PASSWORD            Text
ROLE                Text

4.4 System Requirement

4.4.1 Hardware Requirement

For effective operation of the newly designed system, the following minimum hardware

specifications are recommended:

a) The computer system to use should be 100% IBM compatible since they are

considered done systems.

b) The computer system processor to be used should be Intel Pentium technology.

c) The minimum Random-Access Memory (RAM) should be 128MB.

d) The system should have a hard disk of at least 20GB, 3.5 floppy drive and CD-ROM

drive.

e) The system to use should be equipped with 14” VGA or SVGA monitor (colored).

f) The mouse, keyboard and printer are also required.

The listed configurations are the minimum requirements, but if the configurations are of

higher versions, the processing derived will definitely be better and the program will run

faster.

4.4.2 Software Requirement

The following specification is needed:

a) Operating system- Certified distribution of Windows.

b) Front end- Visual Basic 2010 Professional edition.

c) Back end- MYSQL 2008

Some additional features of VB, such as DataGrid and DataReport.

4.5 System Testing

Testing is the last stage in software development, and it presents an interesting anomaly for the software engineer, who attempts to build software from an abstract concept to a tangible product. During testing, the engineer creates a series of test cases to discard preconceived notions of the “correctness” of the software just developed and to overcome the conflict of interest that occurs when errors are uncovered. As a secondary benefit, testing demonstrates that the software functions appear to be working according to specification and that behavioral and performance requirements appear to have been met. In addition, data collected as testing is conducted provide a good indication of software reliability and quality as a whole.

Testing the software follows a certain process, as shown below.

4.5.1 Unit Test

Each unit of the new system was tested (test run) individually alongside the old system in order to identify areas of further enhancement and development.

4.5.2 System Test

The entire system was also tested (test run) as a whole alongside the old system in order to identify areas of further enhancement and development.

4.5.3 Packaging (Integration)

The software will be designed using the C-sharp (C#) programming language, after which it will be compiled and packaged for easy installation on any computer system and further use. The compiled software will be transferred onto a CD.

4.6 System Review and Maintenance

The system needs to be reviewed and maintained from time to time to add more functionality, to expand the system activities, and to upgrade the system programming and the framework environment to a higher version.

4.7 Installation Procedure

The application folder is copied and pasted into the project file folder of the Visual Studio document folder. Then click on the folder to open it. Visual Studio must be installed on the system.

4.8 User Guide

To use the application, Internet Information Services (IIS) must be installed on the system. Open a web browser, type http://localhost/the application name/default, then press Enter on the keyboard or click the Go button in the browser.

CHAPTER FIVE

SUMMARY, CONCLUSION AND RECOMMENDATION

5.1 Summary

This study developed a cyber security management system: A case study of Delta State

University, Abraka. Cyber security management, in recent years, has become a serious

problem for organizations to deal with, especially financial institutions and individuals.

With the advancement of the Internet, the ability to implement underhanded and deviant

practices has become prevalent. This research work provides an overview of the literature

that discusses the cyber-crimes and provides users with the ammunition to prevent them

from becoming victims.

Furthermore, this research work described the software development methodology used. The functional and non-functional requirements of the system were explained in detail, and the use case diagram was used to define the interactions between a role and the system. The use case diagrams show detailed data modeling of the system, which was translated into code.

In addition, this research work discussed the system design and implementation of the cyber security management system. The application was designed and implemented in order to create a modifiable application, suitable as a model for other similar systems.

5.2 Conclusion

The transnational nature of cybercrime and the interdependency of systems and Internet-connected digital devices within and outside of countries' territories require the sharing of information about cybercrime across borders. Beyond that, the sharing of knowledge about good practices regarding cybercrime investigations is needed. The dizzying array of stakeholders involved in cybercrime investigations warrants a coordinated response to cybercrime and the sharing of explicit and tacit knowledge between stakeholders. The approaches to cybercrime investigations and the knowledge about investigations vary by stakeholder and by the country the stakeholders reside and/or operate in. The management of this knowledge within and across borders is needed to ensure the effective investigation of cybercrimes nationally and internationally. Measures that include information and communication technology to facilitate knowledge management sharing are of paramount importance, as they enable the sharing of explicit and tacit knowledge irrespective of the geographic location of knowledge sharers and receivers.

5.3 Recommendations

The following were recommended in this research work:

i. Strong legislation should be enacted by each nation and at United Nations level on combating cybercrime.

ii. A special anti-cybercrime police force should be established to combat cybercrime.

iii. All websites on the Internet should specify and contain surveillance software for security checks against threats, and should permit cyber police access to check threats so as to detect and apprehend criminals.

iv. Punitive measures should be specified for various categories of cybercrime, as is the case with conventional crime, and the criminals should be prosecuted when apprehended.

v. Cyber security education should be introduced at all levels of education to enlighten netizens and prospective ones on possible threats they are likely to face while using the Internet.

vi. Trans-border synergy should be initiated among nations, with wireless connection through GPRS for trans-border cyber police officers working in the field. Such a system should also be designed to provide a communication tool with international organization networks and information databases, as well as national organizations under the protocol of e-government projects to combat cybercrime.

vii. Organizations should initiate strong security measures to protect their digital data. Hardware and software developers should be persuaded to build into new products technological solutions to the prevalent cyber insecurity.

57
REFERENCES

Albrechtsen, E., & Hovden, J. (2010). Improving information security awareness


and behaviour through dialogue, participation and collective reflection. An
intervention studies. Computers & Security, 29(4), 432–445.

AlHogail, A., & Mirza, A. (2014). A framework of information security culture


change. Journal of Theoretical & Applied Information Technology, 64(2),
540-549.

Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users:


A phishing threat avoidance perspective. Computers in Human Behavior, 38,
304-312.

Asgharpour, F., Liu, D., & Camp, L. J. (2017). Mental models of security risks. In
S. Dietrich, & R. Dhamija (Eds.), Proceedings of the International
Conference on Financial Cryptography and Data Security (pp. 367-377).
Berlin, Heidelberg: Springer.

Attaran, N. (2010). The digitalization of retailing: an exploratory


framework.International Journal of Retail & Distribution
Management,44(7), 694-712.

Baker, B. (2010). E-commerce technology adoption: A Malaysian grocery SME


retail sector study.Journal of Business Research,68(9), 1906-1918.

Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on


attack detection. Computers in Human Behavior, 48, 51-61.

Bıçakçı, S. (2014). NATO’nun gelişen tehdit algısı: 21. yüzyılda siber


güvenlik.Uluslararası İlişkiler,10 (40) (Kış), 101-130.

Borodzicz, E. P., & Gibson, S. D. (2006). Corporate security education: Towards


meeting the challenge. Security Journal, 19(3), 180-195.

Chang, S., & Ho, C. B. (2016). Organizational factors to the effectiveness of


implementing

Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research
directions. Computers & Security, 30(8), 719-731.

58
Collin, B. C. (1997). The future of cyberterrorism: Where the physical and virtual
worlds converge. Crime and Justice International, 13(2), 15-18.

Conway, M. (2018). Media, fear and the hyperreal: the construction of


cyberterrorism as the ultimate threat to critical infrastructures (Working
paper 5). Dublin: International Studies Centre of Dublin City University.

Cranor, L. F. (2018). A framework for reasoning about the human in the loop.
Proceedings of the Conference on Usability, Psychology, and Security (pp.1-
15). San Francisco, California.

Danielson, M. (2019). Economic espionage: Framework for workable solution.


Minnesota Journal of Law, Science Technology, 10(2), 503-548.

Doherty, N. F., Anastasakis, L., & Fulford, H. (2019). The information security
policy unpacked: A critical study of the content of university policies.
International Journal of Information Management, 29(6), 449–457.

Dorman, E. (2015). Internet facilitated organized crime (IOCTA). The Hague:


European Police Office.

Doyle, C. (2016). Stealing trade secrets and economic espionage: An overview of


the economic espionage Act (R42682). Congressional Research Service, US
Library of Congress.

European Union Agency for Network and Information Security. (2016). Risk
management: Implementation principles and inventories for risk
management/riskassessment methods and tools. Retrieved from
https://www.enisa.europa.eu/publications/risk-management-principles-and-
inventories-for-risk-management-risk-assessment-methods-and-tools

Gehem, M., Usanov, A., Frinking, E., & Rademaker, M. (2015). Assessing cyber
security: A meta-analysis of threats, trends, and responses to cyber-attacks.
The Hague Centre for Strategic Studies. Retrieved from
https://hcss.nl/sites/default/files/files/reports/HCSS_Assessing_Cyber_Secur
ity.pdf

Göçoğlu,V. (2018).Türkiye’nin Siber Güvenlik Politikalarının Kamu Politikası


Analizi Çerçevesinde Değerlendirilmesi. Yayınlanmamışm Doktora
Tezi.Hacettepe Üniversitesi Sosyal Bilimler Enstitüsü Siyaset Bilimi ve
Kamu Yönetimi Anabilim Dalı Kamu Yönetimi Doktora Programı,
Ankara.

59
Goodrich,M. and Tamassia,R.(2018). Introduction To Computer Security.
Addison-Wesley.

Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding
nonmalicious security violations in the workplace: A composite behavior
model. Journal of Management Information Systems, 28(2), 203–236.

Han, J., & Yoo, H. (2016). The effect of managerial information security
intelligence on the employee’s information security countermeasure
awareness. Information Systems Review, 18(3), 137-153.

Hoffman, B. (2016). Inside terrorism. New York: Columbia University Press.

Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system
theory of information security management. Information Management &
Computer Security, 11(5), 243-248.

IBM. (2014). IBM Security services 2014 cyber security intelligence index.
Retrieved from
https://media.scmagazine.com/documents/82/ibm_cyber_security_intelligen
c_20450.pdf

information security management. Industrial Management & Data Systems,


106(3), 345–361.

International Telecommunications Union. (2008). ITU-TX.1205: series X: data


networks, open system communications and security: telecommunication
security: overview of cyber security. Retrieved from
https://www.itu.int/rec/dologin_pub.asp?lang=e&id=TREC-X.1205-200804-
I!!PDF-E&type=items

ISACA. (2013). COBIT 5 For Risk. Rolling Meadows, IL: ISACA

ISO/IEC (2016), Information technology — Security techniques — Information


security management — Organizational economics

Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in


cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993.

Jung, J. (2011). A Study of Cyber Security Management within South Korean


Businesses – An examination of risk and cybercrime involving industrial
security. The thesis is submitted in partial fulfilment of the requirements for

60
the award of the degree of Doctor of Philosophy of the University of
Portsmouth

Knapp, K.J., Marshall, T.E., Rainer, R.K. & Morrow, D.W. (2004). The top
information security issues facing organizations: What can government do to
help? The 2004 International Information Systems Security Certification
Consortium Survey Results, Auburn University, Auburn, AL.

Lee, D., (2013). A study on personal data hacking case to build corporate security
and counter strategy: Focused on Hyundai Capital hacking case. Journal of
Security Engineering, 10(4), 455-472.

Limburg, J. (2015). Trust in the world of cybercrime. Global Crime 13(2), 71-94.

Mahfuth, A., Yussof, S., Baker, A. A., & Ali, N. A. (2017). A systematic literature
review: Information security culture. Proceedings of Research and
Innovation in Information Systems (ICRIIS) 2017 International Conference
(pp. 1-6). Langkawi, Malaysia: IEEE.

Mohsin, K. (2016). Computer crime victimization and integrated theory: An


empirical assessment. International Journal of Cyber Criminology, 2(1), 08-
333.

Nasheri, H. (2015). Economic espionage and industrial spying. Cambridge:


Cambridge University Press.

National Institute of Standards and Technology. (2017). Risk management


framework for information systems and organizations (Draft NIST Special
Publication 800-37). Retrieved from
https://csrc.nist.gov/CSRC/media/Publications/sp/800-37/rev-
2/draft/documents/sp800-37r2-discussion-draft.pdf

Nye, J. S. (2010). Cyber power. Retrieved from Belfer Center for Science and
International Affairs website:
https://www.belfercenter.org/publication/cyber-power

Olumide, O. O.,Victor, F. B. (2010): E-Crime in Nigeria: Trends, Tricks, and


Treatment. The Pacific Journal of Science and Technology, Volume 11.
Number 1. May 2010 (Spring)

Parsons, K. M., Young, E., Butavicius, M. A., McCormac, A., Pattinson, M. R., &
Jerram, C. (2015). The influence of organizational information security

61
culture on information security decision making. Journal of Cognitive
Engineering and Decision Making, 9(2), 117-129.

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014).
Determining employee awareness using the Human Aspects of Information
Security Questionnaire (HAIS-Q). Computers & Security, 42, 165–176.

Pfeffer, J. (2017). New directions for organization theory: Problems and prospects.
New York: Oxford University Press.

Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through


information systems security training: An action research study. MIS
Quarterly, 34(4), 757–778.

Raggad, B. G. (2010). Information security management: Concepts and practice.


New York: CRC Press.

Rainer Jr, R. K., Marshall, T. E., Knapp, K. J., & Montgomery, G. H. (2017). Do
information security professionals and business managers view information
security issues differently? Information Systems Security, 16(2), 100-108.

Robbins, S. P., & Judge, T.A. (2013). Organizational behaviour (15th ed.).
Boston: Pearson.

Robinson, N., Disley, E., Potoglou, D., Reding, A., Culley, D. M., Penny, M., . . .
Millard, J. (2012). Feasibility study for a European cybercrime centre.
Retrieved from RAND Corporation website:
https://www.rand.org/pubs/technical_reports/TR1218.html

Roseline, O. Moses-Òkè (2012): Cyber Capacity Without Cyber Security: A Case


Study OfNigeria‟s National Policy For Information Technology (NPFIT),
The Journal Of Philosophy, Science & Law Volume 12, May 30, 2012,
Retrieved from www.Miami.Edu/Ethics/Jpsl

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy
compliance model in organizations. Computers & Security, 56, 70–82.

Şahinaslan, Ö.,Şahinaslan, E., Borandağ, E.ve Şahinaslan,A.M.(2013). Güvenli bir


toplum için son kullanıcı siber güvenliği. XV. Akademik Bilişim
Konferansı,Bildiriler, 23-25 Ocak 2013,Akdeniz Üniversitesi, Antalya,1081-
1085.

62
Schaeffer, B. S., Holt, T.J. & Ahn, G.J. (2019): Cyber Crime And Cyber Security:
A White Paper For Franchisors, Licensors, and Others

Singh, A. N., Gupta, M. P., & Ojha, A. (2014). Identifying factors of


“organizational information security management”. Journal of Enterprise
Information Management, 27(5), 644-667.

Singh, A. N., Gupta, M. P., & Ojha, A. (2014). Identifying factors of


“organizational information security management”. Journal of Enterprise
Information Management, 27(5), 644-667.

Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information
security management (ISM) practices: Lessons from select cases from India
and Germany. Global Journal of Flexible Systems Management, 14(4), 225–
239.

Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to


information security policies: An exploratory field study. Information &
Management, 51(2), 217–224.

Sols, M. & Niekerk, A. (2013). Knowledge creation and innovation in the virtual
community – Exploring structure, values and identity in hacker groups.
Paper presented at the 35th DRUID Celebration Conference, Barcelona,
Spain.

Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security


management needs more holistic approach: A literature review. International
Journal of Information Management, 36(2), 215–225.

Stroh, L. K., Northcraft, G. B., & Neale, M. A. (2002). Organizational behavior: A


management challenge (3rd ed.). London: Lawrence Erlbaum Associates.

Symantec. (2017). Internet security threat report. Retrieved from


https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-
2017-en.pdf

Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The
insider threat to information systems and the effectiveness of ISO17799.
Computers & Security, 24(6), 472-484.

Thompson, M.A.C. (2013). Breaking and remaking law and technology: A socio-
techno-legal study of hacking (Doctoral thesis). Tilburg: Tilburg University.

63
Tucker, D. S. (1997). The federal government's war on economic espionage.
University of Pennsylvania Journal of International Economic Law, 18(3),
1109-1152.

United Nations Office on Drugs and Crime. (2013). Comprehensive study on


cybercrime. Retrieved from https://www.unodc.org/documents/organized-
crime/UNODC_CCPCJ_ EG.4_2013/CYBERCRIME_STUDY_210213.pdf

Ünver, M. ve Canbay, C. (2010). Ulusal ve uluslararası boyutlarıyla siber


güvenlik. Elektrik Mühendisliği Dergisi, 438, 94-103.

Wall, D. (2017). Cybercrime. Cambridge: Polity.

Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information
systems security: The insider threat. European Journal of Information
Systems, 18(2), 101.

Watson R. and Watson D. (2017). Understanding the offender/environment


dynamic for computer crimes. Information Technology & People, 19(2),
170-186.

Werlinger, R., Hawkey, K., & Beznosov, K. (2019). An integrated view of human,
organizational, and technological challenges of IT security management.
Information Management & Computer Security, 17(1), 4–19.

Whitman, M., & Mattord, H. (2011). Principles of information security (4th ed.).
Boston:Cengage Learning.

64
APPENDIX

Source Code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;
using Microsoft.VisualBasic;

public partial class users : System.Web.UI.Page


{
// public double New_users, Paid_last, All_users, Paid_for;

public string addedDate, New_users, Paid_last, All_users, Paid_for;


protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)

this.ViewAllUser();
lblsn.Text = "Display Page " + (gvUsers.PageIndex + 1).ToString() + " of " +
gvUsers.PageCount.ToString();

}
    // Loads every row of tbl_Transc and binds it to the gvUsers grid.
    private void ViewAllUser()
    {
        string constr = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
        using (SqlConnection con = new SqlConnection(constr))
        {
            // Fixed query text with no user input, so no parameters are needed here.
            using (SqlCommand cmd = new SqlCommand("SELECT sn, name, deposit, Payout FROM tbl_Transc"))
            {
                using (SqlDataAdapter sda = new SqlDataAdapter())
                {
                    cmd.Connection = con;
                    sda.SelectCommand = cmd;
                    using (DataTable dt = new DataTable())
                    {
                        // Fill opens and closes the connection itself.
                        sda.Fill(dt);
                        gvUsers.DataSource = dt;
                        gvUsers.DataBind();
                    }
                }
            }
        }
    }
    // Inserts a new transaction row from the form fields.
    protected void btnSave_Click(object sender, EventArgs e)
    {
        string msg_Update = "Added Successfully!";
        if (this.txtname.Text == "" || this.txtPLW.Text == "" || this.txtPAT.Text == "")
        {
            Label1.Text = "One or More Values not Entered";
            Label1.ForeColor = System.Drawing.Color.Red;
        }
        else
        {
            Paid_last = txtPLW.Text.Trim();
            Paid_for = txtPAT.Text.Trim();
            string Name = txtname.Text.Trim();
            addedDate = System.DateTime.Today.ToLongDateString();

            // The numeric check below is commented out, so deposit and Payout
            // reach the database as unvalidated string parameters.
            // if (Information.IsNumeric(this.txtPLW.Text.Trim()) && Information.IsNumeric(this.txtPAT.Text.Trim()))
            {
                string constring = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
                using (SqlConnection con = new SqlConnection(constring))
                {
                    // Parameterized INSERT: user input is bound as values, never concatenated into the SQL text.
                    using (SqlCommand cmd = new SqlCommand("INSERT INTO tbl_Transc (name, deposit, Payout) VALUES (@name, @deposit, @Payout)", con))
                    {
                        cmd.CommandType = CommandType.Text;
                        cmd.Parameters.AddWithValue("@name", Name);
                        cmd.Parameters.AddWithValue("@deposit", Paid_last);
                        cmd.Parameters.AddWithValue("@Payout", Paid_for);
                        // cmd.Parameters.AddWithValue("@createdDate", addedDate.Trim());

                        con.Open();
                        int rowsAffected = cmd.ExecuteNonQuery();
                        // msg_Update is a constant, so no user input reaches the injected script.
                        ClientScript.RegisterStartupScript(GetType(), "AlertBox", "alert('" + msg_Update + "');", true);
                        //Session.RemoveAll();
                        lbl.Text = msg_Update;
                        this.ViewAllUser();
                        txtPLW.Text = string.Empty;
                        txtname.Text = string.Empty;
                        txtPAT.Text = string.Empty;

                        con.Close();
                    }
                }
            }
        }
    }
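    // Grid paging: move to the requested page and rebind.
    protected void gvUsers_PageIndexChanging(object sender, GridViewPageEventArgs e)
    {
        gvUsers.PageIndex = e.NewPageIndex;
        ViewAllUser();
    }

    // Logout: clear the forms-authentication ticket and the session contents, then return to the login page.
    protected void btnLogout_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();
        Session.RemoveAll();
        Response.Redirect("admin-login.aspx");
    }

    // Emits a script that pushes the browser forward when the user navigates back.
    // This runs only in the client; it does not change the server-side session.
    protected override void OnPreRender(EventArgs e)
    {
        base.OnPreRender(e);
        string strDisAbleBackButton;
        strDisAbleBackButton = "<script>\n";
        strDisAbleBackButton += "window.history.forward(0);\n";
        strDisAbleBackButton += "\n</script>";
        ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "clientScript", strDisAbleBackButton);
    }
}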
