attached in this file

SBM4304 IS SECURITY AND RISK MANAGEMENT
Table of Contents
1. Introduction    3
2. Literature Review on Security Issues in Education Sector in Future    3
Security against Algorithm Manipulation    3
Risk of Unethical Access to Registering Data of Students or Learners    3
Use of Fake Profile and Lack of Authenticity Verification    4
3. Potential Solution to Risk of Unethical Access to Registering Student Data    4
4. General and Application Management Controls against Threat of Organisational Functionality    5
5. Security Techniques in Education Sector IS for CIA Requirements    6
Encryption and Decryption of Centralised Data Base    6
Use of Biometric Security for Database Access at Education Organisations    6
Use of Artificial Intelligence for System Monitoring    6
6. Criticising Security Audit Process Used in Education Sector    7
7. Conclusion    7
References    8
1. Introduction
The educational sector is rapidly evolving rather than expanding, which hints at the changes in teaching process, organisational management, security and contents that are used for the educational purposes. In order to reach wider student bases and cater the interest of wide learning for learners, educational sector is making profound use of Information System (IS), which is enabling it to offer digital media based teaching, and better connectivity with a centralised and easy to navigate information-data base. However, the use of IS, is bringing in its shortcomings with its benefits and considering the significant role education sector plays in society, the current essay offer an in depth insight into the use of IS in education sector.
2. Literature Review on Security Issues in Education Sector in Future
Security against Algorithm Manipulation
In near future the education sector would use algorithms generated from the data mining-based information for selecting subjects, topics and perceiving students’ Intelligent Quotient (IQ). The data will be collected from the usage observation of mobile applications and systems. As supported by Fynn and Adamiak (2018), considering the gradual absence of human participation and rational thinking, the education sector would use algorithms, which, if tweaked properly would generate suitable results for hacker and students might be found using the unethical hacking means for their benefits. On the other hand, as argued by Al Mazidi and Abusham (2018), the proportion of data used in formulating algorithms in educational information system, would be kept secret to education organisations and would be updated periodically, reducing the chance of algorithm manipulation becoming a large-scale problem. However, the argument cannot be accepted entirely; it is true that changes of algorithms will be evident and the ratio of data included for algorithms will be kept secret, nevertheless in education sector the algorithms will be used for students’ preferences, IQ and merit, which would have common attributor and therefore the scope of hacking and manipulation would be existent.
Risk of Unethical Access to Registering Data of Students or Learners
In near future, as a part of education system, students and learners would have to register with their details or email IDs to get access to education organisations’ services as well as mobile application services for their conveniences, as a part of integration of IS in education sector. As opined by Beacham and Duncan (2018), the central database that would hold the details of the students and learners would face the risk of unethical access, which could lead to personal information being misused and exploited for marketing purposes, ultimately creates privacy issues for the students and learners. The unethical access would lead to biased preferences of students taking away the prioritised view of equal treatment from the faculty. The risk of unethical access to personal data would reduce the confidence level of students and learners in terms of providing their details to the IS used by education organisations, which would rise anti-IS usage perspective. Rejecting the degree of concern generated from the scope of accessibility risk Brown (2018), argued that students only provide details to confirm their identity and the information collected will not contain details of contact number of address and bank account numbers, therefore, unethical access to such details will not be relevant. However, this view is not logically sound; as the access to email IDs would be hackers to access-associated contacts, connected with the IDs and would be exploited to a higher degree.
Use of Fake Profile and Lack of Authenticity Verification
With the wider acceptance and integration of IS in education sector, the offering of learning courses would be offered to students in faraway places, using the Information and Communication Technology (ICT), coupled with security systems, that would verify the accounts of the students and give access to centralised database of the education organisation. However, taking cue from the high reliance of email ID-based digital identity verification, people can use fake accounts to access to the database, disguising as a student or learner, using the loophole of the system to their advantage. As mentioned...