Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions

Christopher R. Harrell, Mark Patton, Hsinchun Chen, Sagar Samtani

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.

Original languageEnglish (US)
Title of host publication2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
EditorsDongwon Lee, Ghita Mezzour, Ponnurangam Kumaraguru, Nitesh Saxena
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages148-153
Number of pages6
ISBN (Electronic)9781538678480
DOIs
StatePublished - Dec 24 2018
Event16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018 - Miami, United States
Duration: Nov 9 2018Nov 11 2018

Publication series

Name2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018

Other

Other16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018
CountryUnited States
CityMiami
Period11/9/1811/11/18

Keywords

  • Higher education
  • National Vulnerability Database
  • Nessus
  • Shodan
  • Vulnerability assessment

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Communication

Fingerprint Dive into the research topics of 'Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions'. Together they form a unique fingerprint.

  • Cite this

    Harrell, C. R., Patton, M., Chen, H., & Samtani, S. (2018). Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions. In D. Lee, G. Mezzour, P. Kumaraguru, & N. Saxena (Eds.), 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018 (pp. 148-153). [8587380] (2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2018.8587380