Ensuring Cybersecurity in Higher Education

Why do I need to develop a cybersecurity solution?

The student's information should be protected from being lost or used in a way that harms or exonerates the student. It can lead to hours and dollars spent getting data back, students trusting and rebuilding a damaged reputation can be very hard for an organisation if their systems are constantly being hacked. More devices in the virtual landscape lead to more entry points and more security needs. Yet many institutions in Saudi Arabia have not fulfilled their responsibilities. Just as people use antivirus protections to protect their data in their homes, higher education needs to do the same in Saudi Arabia. There is a Zero Trust policy, along with installing security software, training employees and students about the Cyber security Code, and using secure hardware and applications. The custom application is better because it is built to work with the institution's existing processes and architecture since cybersecurity software is a must.

What is the gap in the literature?

There is a lot of gaps in the literature on the NIST framework. The literature has only talked about the advantages and the need for institutions to adopt cyber security framework. However, there is limited information concerning proper education regarding the software and how it can be used and updated when the system is outdated to improve its efficiency. There is also limited information regarding system use and how to go about the framework.

How will I be developing the framework?

Tailoring a cyber-security framework to your requirements is not easy, but the following are five steps that are needed in an attempt to tailor your framework.

Set your target goals

The framework you put in place will give you access to what you want to achieve. You can measure what success looks like if you can better understand it. The risk tolerances that are acceptable to the C-Suite and your IT department are the main decisions to make when setting goals. If a definitive agreement is needed to set out exactly what level of risk is acceptable, the IT Management team would typically be responsible for it.

Create a detailed profile

Tailoring the framework is the next step, and it will be drilled deeper. It is possible to understand your current spot with the Framework Implementation Tiers. There are three areas that they have divided that would be very influential in this process.

External Participation

Integrated Risk Management Program

Risk Management Process

Assess your current position

It is time to assess your current position once you have set your goals and created a profile. Then, a risk assessment takes place to establish your current status. You could potentially engage a cyber-security specialist to carry out an assessment of your current status, or possibly use open source or commercial software to score your target areas. When all areas are assessed you can present the risks to your key players, showing the security of operations and assets. At this point in the process, vulnerabilities and threats should be identified.

Gap analysis and action plan

A deeper understanding of risks and the potential business impacts is essential to moving on to a gap analysis. You can compare your score with your target score during this stage of the process. It's a good idea to create a heat map that illustrates results in a user-friendly way. Significant differences will make you seek out areas that you want to focus on. Put yourself in the shoes of a person who is attempting to close gaps between their current and their target scores. To improve your scores, identify several measures that you can take, and discuss them with all of your key stakeholders. Budgetary considerations, as well as specific project requirements, are possibilities of influence on your plan.

Implement your action plan

It is now time to implement NIST since you have a clear picture of the current health of your defence, a set of organizationally related targets and comprehensive gap analysis, you are ready to go.

What value of the framework I will be offering?

The advent of technology has introduced rampant cybercrime in most institutions in Saudi Arabia therefore; the value of this framework would be to reduce the rate of cyber-attacks and the protection of students' vital information. An example is the recent malware attack that interfered with a lot of private employee information. The Middle Eastern countries experienced an increase in the number of cyber-attacks in early 2020 after the birth of the coronaviruses. Our main aim is to offer institutions valid protection.

What is the main literature source?

The literature is reliant on the sources available online and majorly from the NIST website pages and framework research. With increasing dependence on computers and their corresponding interconnectivity, information security has morphed to be a core element for virtually all organisations whether private, governmental, business or non-profit entities across the globe.

What is the research domain I am focusing on?

The research is focusing on designing and implementing cyber protection that would be used to protect higher institutions in Saudi Arabia. The purpose of this qualitative phenomenological study is to identify strategies that university information security officers in Saudi Arabia might use to implement the NIST risk management framework in higher education institutions. The method of research that is referred to as a tradition, is called Researching the Experiences of specialized research subjects concerning the way they discover and enjoy unique experiences.

What are the issues and risks that people are facing in higher education in Saudi Arabia?

The pace of globalizing in education has not, however, been without growing concern about the quality of what is being offered and providing protection to the institution. That is why cybercriminals have been constantly targeting the sector. Additionally, Compliance based security does not demand enough at higher education institutions where there have been a lot of information security breaches. For institutions that face significant risk due to their threats and vulnerabilities, it is necessary to have a more flexible approach. The risks of compromising universities in Saudi Arabia are greater due to the weaknesses of security infrastructure. The NIST used the risk management framework to work out the information security best practices for the country.

What is the plan?

The purpose of this paper is to develop a NIST security framework that can be used to protect and safeguard higher education institutions in Saudi Arabia. In order to achieve this, it will follow the plan as follows:

Introducing the project

Providing background information about NIST

Giving out a clear problem statement

Giving out the purpose of the project

Providing the state of the project

Providing an overview of the importance of security policies

Conducting a literature review

Methodology

Data collection

Report

And finally, to conclude the project,

Looking for further insights on Enhancing Verbal Communication Skills for Effective Coursework Presentations? Click here.

What are the key things I am going to do in my research?

Searching the literature to see the advancement of the NIST framework

Design work

Visiting universities in order to come up with a better framework of policy and stature that can be used in higher institutions in Saudi Arabia.

Data collection (meeting the heads of higher institutions)

Design of data coloration