Cyber Security Issues and Awareness Training at Universities

University campuses host diverse network structures and user classes, and campus networks have become very complex. Information technologies are used extensively on campuses to improve the quality of teaching. Universities keep data on their own systems that attracts the interest of many groups. Because these systems are connected to the internet, they are constantly exposed to cyber threats. This study examines why universities, which have many weak links against cyber threats, are the target of attacks, and reviews the most commonly used attack methods. Solutions are proposed for eliminating these weaknesses. The study finds that information security policies must be established and followed, users must receive cyber awareness training, and information systems infrastructure must be strengthened. A path to follow for cyber awareness training is proposed. Multi-dimensional efforts and policies that protect universities from negative perceptions and make them strong against cyber harm should not be compromised.
