Технологія Забезпечення Інформаційної І Кібербезпеки В Закладах Вищої Освіти України

Nashynets-Naumova, Anfisa; Buriachok, Volodymyr; Korshun, Natalia; Zhyltsov, Oleksii; Skladannyi, Pavlo; Kuzmenko, Lidia

doi:10.33407/itlt.v77i3.3424

Cited by 3 publications

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Social Engineering Penetration Testing in Higher Education Institutions

Marusenko,

Sokolov,

Skladannyi

2023

Lecture Notes on Data Engineering and Communications Technologies

View full text Add to dashboard Cite

Social engineering penetration testing is a complex but necessary tool to test the security of information systems. Such testing requires balancing the organization's benefit and the comfort of an information system user. Penetration testing poses complex ethical concerns affecting people who do not expect it. At the same time, penetration testing is effective only when it mimics the real situation as much as possible, i. e. it is unexpected. The article's authors describe the methodology of social engineering penetration testing of the educational institution information system; substantiate the design of the experiment, which allows for balancing the ethical precautions and the effectiveness of testing. The authors formulate a set of markers that they use to reduce the negative impact of the attack on users of the information system and to help users to identify the true nature of the attack. The experiment conducted by the authors shows the advance of a phishing attack aimed at a large number of system users and its effectiveness. The authors also reveal the challenges such an attack poses to the information system staff, who have to respond to such influence effectively and on time. The experiment shows that half of the responses were received in the first 40 min after mailing. Concluding the research authors analyze the suggested design of social engineering penetration testing experiment, ways to respond to real attacks of this kind, as well as to raise respondents' awareness. The directions for possible future research are outlined. The value of this research is in the object-students of a higher educational institution who constantly work with information. The neglect of personal information indicates the need to introduce information hygiene courses from the very first courses.

show abstract

Social Engineering Penetration Testing in Higher Education Institutions

Marusenko,

Sokolov,

Skladannyi

2023

Lecture Notes on Data Engineering and Communications Technologies

View full text Add to dashboard Cite

show abstract

Approaches to the Formation of Scientific Thinking in Cybersecurity High School Students

Sokolov

2022

Cybersecurity

View full text Add to dashboard Cite

The need for specialists in the development of information systems is growing, therefore the cost and demand for educational programs and courses for “quick” entry into the specialty is increasing. Training of information security specialists is impossible without current and clear standards and training programs. Currently, there is no clear standard for a Cybersecurity major for Ph.D. The public discourse on the development and processing of passports of specialties should actualize the problems and challenges of the modern world market of information technologies. The application of best practices in state institutions and services will strengthen the security of the Ukrainian state. This article uses the experience of working with students of higher education at different levels. The corpus of the author’s publications over the past six years is used as the object of the research. The main research methods are a critical analysis of approaches to the activation of creative approaches in acquirers; comparative analysis of difficulties in preparing for the experiment and classification of publications by research areas. The work presents an overview of the information security labor market, its structure and features of interaction between employers and job applicants. The peculiarities of the development of information security specialists, as well as their phases of formation, are considered separately. Consolidation of university curricula and comparison of passports of scientific specialties (05.13.21 information protection systems, 21.05.01 information security, 05.13.06 information technologies, 13.00.10 information and communication technologies in education) of doctors of philosophy made it possible to single out the main directions, which a graduate of the “Cybersecurity” specialty should know and be able to do. Methods of involving students and graduate students in active learning are considered in a separate block. Statistics of cooperation with acquirers are analyzed, and it is shown that covering all aspects of cybersecurity is not always possible

show abstract

The Model of Server Virtualization System Protection in the Educational Institution Local Network

et al. 2022

View full text Add to dashboard Cite

A new approach for the information security (IS) improvement of the educational institution's network has been proposed. The proposed approach is structured and systematic. It allows one to assess the security of the network of an educational institution (for example, a university) as a whole, as well as its subsystems and components that provide IS of an educational institution. Statistical, expert, heuristic and other indicators have been used to assess the degree of security. The proposed model allows one to describe the procedure for securing the IS network of the university. A balanced system of IS indicators has been proposed, which will allow the effectiveness evaluation of the university's network protection. Also as part of the research, a model of a secure network of an educational institution has been built, where network devices were emulated in a virtual machine (VM) with the EVE-NG application installed. Other network resources have been reproduced with the server virtualization system Proxmox VE. The IPS Suricata threat detection system, the Splunk platform, and the Pi-Hole DNS filter have been deployed on PVE-managed hosts.

show abstract

Технологія Забезпечення Інформаційної І Кібербезпеки В Закладах Вищої Освіти України

Cited by 3 publications

References 0 publications

Social Engineering Penetration Testing in Higher Education Institutions

Social Engineering Penetration Testing in Higher Education Institutions

Approaches to the Formation of Scientific Thinking in Cybersecurity High School Students

The Model of Server Virtualization System Protection in the Educational Institution Local Network

Contact Info

Product

Resources

About