The Cyber Kill Chain Model and Its Applicability on The Protection of Students Academic Information Systems (SAIS) in Tanzanian HEIs

George Matto

doi:10.51519/journalisi.v6i1.676

George Matto Moshi Co-operative University, Tanzania, United Republic of

DOI: 10.51519/journalisi.v6i1.676

Keywords: Cyber kill chain, Students Academic Information System, HEIs, Tanzania

Abstract

Security threats are constantly evolving in various computerized systems. As in many other systems, security threats and attacks have been directed to Students Academic Information System (SAIS) in Higher Education Institutions (HEIs). The seven steps cyber kill chain model offers preventive defense against such security threats. Little is known, however, on how well the model is applicable in the protection of SAIS. This study was therefore carried out to investigate the applicability of the cyber kill chain model on the protection of SAIS. The study was qualitative in which empirical evidence from literature was employed to gather data which were then analysed thematically through content analysis. Results showed that the cyber kill chain model is very relevant and applicable in the protection of SAIS. Each of the seven steps of the model practically applies differently in SAIS which entails for distinct protective measures as detailed in the paper. The study calls upon HEIs stakeholders to leverage the proposed preventive measures against security threats in SAIS.

Downloads

Download data is not yet available.

References

G. Matto, “Big Data Analytics Framework for Effective Higher Education Institutions,” Tanzan. J. Eng. Technol., vol. 41, no. 1, pp. 10–18, Jul. 2022, doi: 10.52339/tjet.vi.768.

O. Tefurukwa, “The Central Admission System in Tanzania: The Best E-Government Service Tool?,” J. Policy Leadersh. JPL, vol. 9, no. 2, pp. 37–54, 2023.

K. Kavuta and S. Nyamanga, “The Factors Affecting the Implementation of Students’ Records Management System to Higher Learning Institutions in Tanzania A Case of The Institute of Accountancy Arusha,” Int. J. Sci. Technol. Res., vol. 7, no. 2, pp. 150–156, 2018.

N. Obasi, E.O. Nwachukwu, and C. Ugwu, "A Novel Web-Based Student Academic Records Information System," West African Journal of Industrial and Academic Research, vol. 7, no. 1, pp. 31–47, 2013.

A.E. Nwaomah, "Political factors’ influence on students’ records management effectiveness in the Nigerian university system," European Journal of Research and Reflection in Management Sciences, vol. 3, no. 2, pp. 29–41, 2015.

J. A. O'brien and G.M. Marakas, Management information systems, vol. 6. New York, NY, USA: McGraw-Hill Irwin, 2006.

Moshi Co-operative University, “MoCU Students Academic Registration Information System.” [Online]. Available: https://musaris.mocu.ac.tz/auth

Sokoine University of Agriculture, “SUA Students Information System.” [Online]. Available: https://suasis.sua.ac.tz/index.php/login

A. Semlambo, N. Stanslaus, and G. Munguyatosha, “Factors Affecting the Security of Information Systems in Public Higher Learning Institutions in Tanzania,” Inf. Technol. Int. J. Inf. Commun. Technol. ICT, vol. 19, no. 2, pp. 43–65, 2022.

F.A. Garba, S.B. Junaidu, I. Ahmad, and M. Tekanyi, "Proposed framework for effective detection and prediction of advanced persistent threats based on the cyber kill chain," Scientific and Practical Cyber Security Journal, vol. 3, no. 3, pp. 1–11, 2018.

T. Yadav and A.M. Rao, "Technical aspects of cyber kill chain," in Security in Computing and Communications: Third International Symposium, SSCC 2015, Kochi, India, August 10-13, 2015. Proceedings, vol. 3, pp. 438–452, Springer International Publishing, 2015.

M. Korolov, “How attackers sidestep the cyber kill chain.” [Online]. Available: https://www.csoonline.com/article/572195/how-attackers-sidestep-the-cyber-kill-chain.html

P.N. Bahrami, A. Dehghantanha, T. Dargahi, R.M. Parizi, K.K.R. Choo, and H.H. Javadi, "Cyber kill chain-based taxonomy of advanced persistent threat actors: Analogy of tactics, techniques, and procedures," Journal of Information Processing Systems, vol. 15, no. 4, pp. 865–889, Aug. 2019, doi: 10.3745/JIPS.03.0126.

National Research Council, Division on Engineering and Physical Sciences, Air Force Studies Board, and Committee on Future Air Force Needs for Survivability, Future Air Force Needs for Survivability. National Academies Press, 2006.

E. Hutchins, M. Cloppert, and R. Amin, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” Lead. Issues Inf. Warf. Secur. Res., vol. 1, no. 1, pp. 1–14, 2011.

H. Penney, “Scale, Scope, Speed & Survivability: Winning the Kill Chain Competition,” Mitchell Institute, vol. 40, 2023.

Y. Ahmed, A.T. Asyhari, and M.A. Rahman, "A cyber kill chain approach for detecting advanced persistent threats," Computers, Materials and Continua, vol. 67, no. 2, pp. 2497–2513, 2021.

M. S. Khan, S. Siddiqui, and K. Ferens, “A Cognitive and Concurrent Cyber Kill Chain Model,” in Computer and Network Security Essentials, K. Daimi, Ed., Cham: Springer International Publishing, 2018, pp. 585–602. doi: 10.1007/978-3-319-58424-9_34.

P. N. Bahrami, A. Dehghantanha, T. Dargahi, R. M. Parizi, K.-K. R. Choo, and H. H. S. Javadi, “Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures,” J. Inf. Process. Syst., vol. 15, no. 4, pp. 865–889, Aug. 2019, doi: 10.3745/JIPS.03.0126.

H. Kim, H. Kwon, and K. K. Kim, “Modified cyber kill chain model for multimedia service environments,” Multimed. Tools Appl., vol. 78, no. 3, pp. 3153–3170, Feb. 2019, doi: 10.1007/s11042-018-5897-5.

Pols, P., "The Unified Kill Chain–Raising Resilience against Advanced Cyber Attacks," White Paper, The-Unified-Kill-Chain, 2021.

B. Strom, A. Applebaum, D. Miller, K. Nickels, A. Pennington, and C. Thomas, “Mitre att&ck: Design and philosophy. In Technical report,” He MITRE Corp., 2018.

S. Gukurume, "Surveillance, spying and disciplining the university: deployment of state security agents on campus in Zimbabwe," J. Asian Afr. Stud., vol. 54, no. 5, pp. 763-779, 2019.

The Zimbabwean, “NUST System Hacked, Students De-registered, Results Deleted.” [Online]. Available: https://www.thezimbabwean.co/2021/10/nust-system-hacked-students-de-registered-results-deleted/

Y.A. Odugbesan, "Rebuilding the social fabric: challenging and transforming unwarranted influences in the educational institutions in Nigeria," Doctoral Dissertation, Rutgers University-Graduate School-Newark, 2017.

The Herald, “Just In: CUT student hacks exam database, forges results.” [Online]. Available: https://www.herald.co.zw/just-in-cut-student-hacks-exam-database-forges-results/

The Citizen, “Iringa University IT students expelled after hacking campus online fee payment system.” [Online]. Available: https://www.instagram.com/p/Css8c7YIEsh/

J.A. Ampofo, "Challenges of student management information system (MIS) in Ghana: A case study of University for Development Studies, Wa Campus," Int. J. of Management & Entrepreneurship Research, vol. 2, no. 5, pp. 332-343, 2020.

N. Fouad, “Securing higher education against cyberthreats: from an institutional risk to a national policy challenge,” J. Cyber Policy, vol. 6, no. 2, pp. 137–154, 2021.

M. Mshangi, “Enhancing Security of Information Systems in Tanzania: The Case of Education Sector,” Doctoral dissertation, The Open University of Tanzania, 2020.

E. Kundy and B. Lyimo, “Cyber Security Threats in Higher Learning Institutions in Tanzania, A Case of University of Arusha and Tumaini University Makumira,” Olva Acad. Res., vol. 2, no. 3, pp. 1–38, 2019.

G. Rogers and T. Ashford, “Mitigating Higher Ed Cyber Attacks,” Assoc. Support. Comput. Users Educ., 2015.

M. Bossetta, “The Weaponization of Social Media: Spear Phishing and Cyberattacks on Democracy,” J. Int. Aff. Editor. Board, vol. 71, no. 1.5, pp. 97–106, 2018.

S. Zulkiffli, M. Zawawi, and F. Rahim, “Passive and active reconnaissance: a social engineering case study. In 2020 8th International Conference on Information Technology and Multimedia,” pp. 138–143, 2020.

M. Dabbagh, A.J. Ghandour, K. Fawaz, W. El Hajj, and H. Hajj, "Slow port scanning detection," in Proc. 2011 7th International Conference on Information Assurance and Security (IAS), December 2011, pp. 228-233, IEEE.

T. Hamed, R. Dara, and S. Kremer, Intrusion detection in contemporary environments. In Computer and Information Security Handbook. Morgan Kaufmann, 2017.

Broadhurst, R., Skinner, K., Sifniotis, N., Matamoros-Macias, B. and Ipsen, Y., 2018. Phishing and cybercrime risks in a university student community. Available at SSRN 3176319.

Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Front. Comput. Sci., vol. 3, 2021.

Proofpoint, “State of the Phish: An in-depth look at user awareness, vulnerability and resilience,” 2020 Annual Report, 2020.

N.S. Fouad, "Securing higher education against cyberthreats: from an institutional risk to a national policy challenge," J. Cyber Policy, vol. 6, no. 2, pp. 137-154, 2021.

F. Aldauiji, O. Batarfi, and M. Bayousef, “Utilizing Cyber Threat Hunting Techniques to Find Ransomware Attacks: A Survey of the State of the Art,” IEEE Access, vol. 10, pp. 61695–61706, 2022, doi: 10.1109/ACCESS.2022.3181278.