Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions

Christopher R. Harrell, Mark Patton, Hsinchun Chen, Sagar Samtani

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.

Original languageEnglish (US)
Title of host publication2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
EditorsDongwon Lee, Ghita Mezzour, Ponnurangam Kumaraguru, Nitesh Saxena
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages148-153
Number of pages6
ISBN (Electronic)9781538678480
DOIs
StatePublished - Dec 24 2018
Event16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018 - Miami, United States
Duration: Nov 9 2018Nov 11 2018

Other

Other16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018
CountryUnited States
CityMiami
Period11/9/1811/11/18

Fingerprint

Remediation
vulnerability
Education
education
Virtual reality
Higher education institutions
Vulnerability
Defects
cause
lack

Keywords

  • Higher education
  • National Vulnerability Database
  • Nessus
  • Shodan
  • Vulnerability assessment

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Communication

Cite this

Harrell, C. R., Patton, M., Chen, H., & Samtani, S. (2018). Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions. In D. Lee, G. Mezzour, P. Kumaraguru, & N. Saxena (Eds.), 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018 (pp. 148-153). [8587380] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2018.8587380

Vulnerability assessment, remediation, and automated reporting : Case studies of higher education institutions. / Harrell, Christopher R.; Patton, Mark; Chen, Hsinchun; Samtani, Sagar.

2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018. ed. / Dongwon Lee; Ghita Mezzour; Ponnurangam Kumaraguru; Nitesh Saxena. Institute of Electrical and Electronics Engineers Inc., 2018. p. 148-153 8587380.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harrell, CR, Patton, M, Chen, H & Samtani, S 2018, Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions. in D Lee, G Mezzour, P Kumaraguru & N Saxena (eds), 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018., 8587380, Institute of Electrical and Electronics Engineers Inc., pp. 148-153, 16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018, Miami, United States, 11/9/18. https://doi.org/10.1109/ISI.2018.8587380
Harrell CR, Patton M, Chen H, Samtani S. Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions. In Lee D, Mezzour G, Kumaraguru P, Saxena N, editors, 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 148-153. 8587380 https://doi.org/10.1109/ISI.2018.8587380
Harrell, Christopher R. ; Patton, Mark ; Chen, Hsinchun ; Samtani, Sagar. / Vulnerability assessment, remediation, and automated reporting : Case studies of higher education institutions. 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018. editor / Dongwon Lee ; Ghita Mezzour ; Ponnurangam Kumaraguru ; Nitesh Saxena. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 148-153
@inproceedings{256e75774be44486bedd99cbfd8d7c48,
title = "Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions",
abstract = "Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80{\%} of vulnerabilities found in scanned higher education institutions.",
keywords = "Higher education, National Vulnerability Database, Nessus, Shodan, Vulnerability assessment",
author = "Harrell, {Christopher R.} and Mark Patton and Hsinchun Chen and Sagar Samtani",
year = "2018",
month = "12",
day = "24",
doi = "10.1109/ISI.2018.8587380",
language = "English (US)",
pages = "148--153",
editor = "Dongwon Lee and Ghita Mezzour and Ponnurangam Kumaraguru and Nitesh Saxena",
booktitle = "2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Vulnerability assessment, remediation, and automated reporting

T2 - Case studies of higher education institutions

AU - Harrell, Christopher R.

AU - Patton, Mark

AU - Chen, Hsinchun

AU - Samtani, Sagar

PY - 2018/12/24

Y1 - 2018/12/24

N2 - Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.

AB - Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.

KW - Higher education

KW - National Vulnerability Database

KW - Nessus

KW - Shodan

KW - Vulnerability assessment

UR - http://www.scopus.com/inward/record.url?scp=85061049838&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061049838&partnerID=8YFLogxK

U2 - 10.1109/ISI.2018.8587380

DO - 10.1109/ISI.2018.8587380

M3 - Conference contribution

AN - SCOPUS:85061049838

SP - 148

EP - 153

BT - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018

A2 - Lee, Dongwon

A2 - Mezzour, Ghita

A2 - Kumaraguru, Ponnurangam

A2 - Saxena, Nitesh

PB - Institute of Electrical and Electronics Engineers Inc.

ER -