Systems Analysis of Risk Assessment for Moodle Learning in a LAMP Environment from Log Files

Panita Wannapiroon, Ph.D. Assistant Professor

Preecha Pangsuban Ph.D. Candidate

Prachyanun Nilsook, Ph.D. Associate Professor

Division of Information and Communication Technology for Education, Faculty of Technical Education, King Mongkut's University of Technology North Bangkok, Thailand.

INTRODUCTION

• Moodle is the most popular open-source e-learning platform.

• It offers stronger learner tools, support tools and technical specification tools than other software.

• Many studies have shown that Moodle is not without risk.

• Moodle had a higher number of vulnerabilities than its commercial counterparts (Joh, 2013).

• Unfortunately, it has not been systematically tested for vulnerabilities and weaknesses (Martinez et al., 2013).

INTRODUCTION (2)

• Log files are commonly used primarily for troubleshooting problems.

• Log files contain information related to many different types of events occurring within networks and systems (Kent, K., 2006).

• Log file analysis applies statistical algorithms to determine incident severity and then assigns a threat score based on asset value.

• The risk assessment of Moodle was performed using the log file analysis approach.

INTRODUCTION (3)

• ISO/IEC 27005:2011 was chosen in order to achieve the best risk assessment results.

• This research focuses on Moodle in a LAMP environment.

• A LAMP environment is composed of Linux, Apache, MySQL and the PHP scripting language.

• Thus, our research aimed to analyze and evaluate a system for assessing the risk of Moodle in a LAMP environment from log files.

OBJECTIVES

• To analyze the composition of the risk assessment system for Moodle learning in a LAMP environment from log files.

• To evaluate the suitability of the composition of the risk assessment system for Moodle learning in a LAMP environment from log files.

RESEARCH SCOPE

Population and sample group

• The population of the study is experts in the field of IS analysis and design and IT risk management.

• The sample group is 5 experts in the field of IS analysis and design and IT risk management.

RESEARCH SCOPE (2)

Variables used in the research

• The independent variable is the system of risk assessment for Moodle learning in a LAMP environment from log files.

• The dependent variable is the suitability of the composition of the system of risk assessment for Moodle learning in a LAMP environment from log files.

CONCEPTUAL FRAMEWORK

IT Risk assessment

-Risk identification

-Risk analysis

-Risk evaluation

Log files

-Log facilities

-Log priorities

-Log format

Moodle e-learning environment analysis

Log file analysis

Moodle in a LAMP environment

System analysis on the risk assessment for Moodle learning in a LAMP environment from log files

Risk assessment for Moodle learning in a LAMP environment from log files

RESEARCH METHODOLOGY

• The first phase: Analysis of the composition of the system.

1. Studying, analyzing and synthesizing research papers.

2. Analyzing the components of the system.

3. Designing system components.

4. Presenting the system components to the advisors.

5. Creating tools for evaluating the suitability of the system.

RESEARCH METHODOLOGY (2)

• The second phase: The evaluation of the composition's suitability.

1. Five experts determine and evaluate the suitability of such a system.

2. Improving the system's components.

3. Presenting analyzed compositions of the system.

4. Analyzing the results of the evaluation.

RESULTS

•The research findings are presented as follows:

Section one: The composition of the system.

Section two: The results of the evaluation.

RESULTS (2)

The composition of the system

RESULTS (3)

1. Central log file:

• A depository of log files.

• It is composed of five modules:

-Linux system log files module.

-Apache webserver log files module.

-MySQL database log files module.

-Moodle log files module.

-Firewall log files module.

RESULTS (4)

2. Log file analysis

1) Log file normalization module

• Decomposing tables to eliminate data redundancy and undesirable characteristics.

• Identifying the desired event and filtering out unwanted events.

• Converting the format of the log files from different sources into the same format.

• Combining the log files from different sources together.
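
The filtering, format conversion and combining steps of the normalization module, as an added Python example that is not from the original slides. The common record fields, the static-asset filter rule, the sample lines and the host name `lms1` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

APACHE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')
SYSLOG_RE = re.compile(r'(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) '
                       r'(?P<proc>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)')
# Assumed filter rule: successful fetches of static assets are unwanted events.
STATIC_RE = re.compile(r'\.(png|gif|jpe?g|css|js|ico)(\?|$)')

def parse_apache(line, host):
    """Apache access-log line -> common record, or None if unparsable/filtered."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    status = int(m['status'])
    if status < 400 and STATIC_RE.search(m['path']):
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return {'ts': ts.astimezone(timezone.utc), 'source': 'apache', 'host': host,
            'actor': m['ip'], 'event': f"{m['method']} {m['path']} -> {status}"}

def parse_syslog(line, year, tz):
    """Classic syslog line -> common record. The format carries no year or
    zone, so the caller supplies both (an assumption about the logging host)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", '%Y %b %d %H:%M:%S').replace(tzinfo=tz)
    return {'ts': ts.astimezone(timezone.utc), 'source': 'linux', 'host': m['host'],
            'actor': m['proc'], 'event': m['msg']}

def normalize(apache_lines, syslog_lines, host, year, tz):
    """Convert both sources to one format, drop rejects, merge in UTC time order."""
    records = [parse_apache(l, host) for l in apache_lines]
    records += [parse_syslog(l, year, tz) for l in syslog_lines]
    return sorted((r for r in records if r), key=lambda r: r['ts'])

# Constructed sample input (not taken from the slides).
APACHE_SAMPLE = [
    '203.0.113.7 - - [12/Mar/2015:10:15:32 +0700] "POST /moodle/login/index.php HTTP/1.1" 303 511',
    '203.0.113.7 - - [12/Mar/2015:10:15:33 +0700] "GET /moodle/theme/logo.png HTTP/1.1" 200 2048',
]
SYSLOG_SAMPLE = ['Mar 12 10:15:30 lms1 sshd[2211]: Failed password for root from 203.0.113.7 port 4022 ssh2']
BANGKOK = timezone(timedelta(hours=7))

if __name__ == '__main__':
    for rec in normalize(APACHE_SAMPLE, SYSLOG_SAMPLE, 'lms1', 2015, BANGKOK):
        print(rec['ts'].isoformat(), rec['source'], rec['host'], rec['actor'], rec['event'])
```

Storing every timestamp in UTC is what makes the merged order reliable when the Apache log carries an offset and the system log does not.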

RESULTS (5)

2. Log file analysis (cont.)

2) Log file database module

• Filling

• Changing

• Storing the log files into the database.

RESULTS (6)

2. Log file analysis (cont.)

3) Correlation analysis module

• Baselining and anomaly detection.

• Scanning to detect weaknesses or vulnerabilities of OS and applications.

RESULTS (7)

3. Risk assessment

1) Risk identification module

• Identification of assets.

• Ranking the assets.

• The impact area is categorized on a 1-5 scale.

• The importance ranking of the individual assets.

RESULTS (8)

3. Risk assessment (cont.)

2) Risk analysis module

• Scales the vulnerability and threat.

• The levels of vulnerability and threat are specified on the basis of the correlation of the log files from the IDS.

• Vulnerability is based on two factors: the severity of the impact that occurred and the damage exposed.

• Threat is considered by likelihood.

• The level is categorized on a 1-5 scale.

RESULTS (9)

3. Risk assessment (cont.)

3) Risk evaluation module

• Determining the level of risk.

• The scale of vulnerability and threat follows the risk matrix of ISO/IEC 27005:2011.

• Ranking of the importance of risk assessment criteria and the situation of risk.

• These also lead to risk treatment.

• The next step is managing the risks (risk management).

RESULTS (10)

The results of the evaluation

• The evaluation of the composition's suitability by the 5 experts.

• Focusing on the principles and concepts of the system.

RESULTS (11)

The results of the evaluation (cont.)

RESULTS (12)

The results of the evaluation (cont.)

RESULTS (13)

The results of the evaluation (cont.)

DISCUSSION AND CONCLUSIONS

• The composition of the system can be described as follows:

1. Central log file

2. Log file analysis

3. Risk assessment

DISCUSSION AND CONCLUSIONS (2)

• The average suitability level is at the highest level.

• Myers, J. and colleagues (2009) suggested that the best practices of log management should be considered for possible usefulness in detecting insider threats.

• The composition of the system derived from the analysis can be improved and put into real use.

Thank you

preecha@yru.ac.th
