International Journal of Research and Innovation in Social Science (IJRISS) | Volume VI, Issue VI, June 2022 | ISSN 2454–6186
H. A. Seneviratne1, M. Thenabadu2*, W.M.G.K. Wijerathne3
1Department of Multimedia and Web Technology, Faculty of Information Technology, University of Vocational Technology, Sri Lanka
2Department of Agriculture and Food Technology, Faculty of Industrial Technology, University of Vocational Technology, Sri Lanka
3TECH- CERT, Pvt Ltd.,1 st Floor Bernard Business Park, N0106, Dutugemunu St, Dehiwala Sri Lanka.
*Corresponding author
Abstract: The study investigates the University of Vocational Technology’s Information System’s (IS) security vulnerabilities. Aim of the study is to investigate general system security vulnerabilities, staff opinion on potential vulnerabilities of the system in relation to the CIA Triad and to identify measures to address vulnerability issues. Multiple data collection methods, such as questionnaire, observation, and focus group discussion, are used in case-study approach. According to the findings, hardware and software vulnerabilities indicated the highest possible occurrence (22%) and the occurrence of emanation vulnerabilities indicated the least (2 %) under identified general vulnerabilities. Findings of staff opinion on the IS security implemented in the University information system in terms of CIA triad, revealed that, majority were dissatisfied with the confidentiality, integrity and availability factors Hence, overall IS security satisfaction among university staff was found to be inadequate.
According to the results of the observations and focus group discussions the University of Vocational Technology’s information system was discovered to be highly vulnerable. The system performed poorly in all aspects of the CIA Triad, indicating that the system’s overall vulnerability is high. A number of recommendations are made based on focus group discussions to mitigate IS security vulnerabilities in the studied environment. The major recommendations are, improve information security awareness of staff, develop operator guidelines and develop and implement a successful vulnerability management programme for the University. Further, the study’s findings add to the body of knowledge of empirical studies relevant to the CIA Triad.
Keywords —: CIA Triad, Information Systems Security, vulnerability
I. INTRODUCTION
Information systems (IS) are critical for any organizations success. Most organizations consider information system security to be a critical issue. With the introduction of Information Technology (IT) and the widespread use of the internet and its services, the number of attacks on information systems has increased, necessitating the need to protect information systems [1] Maintaining