Systems Analysis of Risk Assessment for Moodle Learning in a LAMP Environment from Log Files

Panita Wannapiroon, Ph.D., Assistant Professor

Preecha Pangsuban, Ph.D. Candidate

Prachyanun Nilsook, Ph.D., Associate Professor

Division of Information and Communication Technology for Education, Faculty of Technical Education, King Mongkut's University of Technology North Bangkok, Thailand.


INTRODUCTION

• Moodle is the most popular open source e-learning platform.

• It has stronger learner tools, support tools and technical specification tools than other software.

• Many studies have shown that Moodle is not without risk.

• Moodle had a higher number of vulnerabilities compared to its commercial counterpart (Joh, 2013).

• Unfortunately, it has not been systematically tested for vulnerabilities and weaknesses (Martinez et al., 2013).

INTRODUCTION (2)

• Log files are commonly used primarily for troubleshooting problems.

• Log files contain information related to many different types of events occurring within networks and systems (Kent, K., 2006).

• Log file analysis applies statistical algorithms to determine incident severity and then assigns a threat score based on asset value.

• The risk assessment of Moodle was evaluated using a log file analysis approach.

INTRODUCTION (3)

• ISO/IEC 27005:2011 is chosen in order to achieve the best risk assessment results.

• This research focuses on Moodle in a LAMP environment.

• A LAMP environment is composed of Linux, Apache, MySQL and the PHP scripting language.

• Thus, the aim of our research was to analyze and evaluate a system for assessing the risk of Moodle in a LAMP environment from log files.

OBJECTIVES

• To analyze the composition of the system of risk assessment for Moodle learning in a LAMP environment from log files.

• To evaluate the suitability of the composition of the system of risk assessment for Moodle learning in a LAMP environment from log files.

RESEARCH SCOPE

Population and sample group

• The population of the study is experts in the field of IS analysis and design and IT risk management.

• The sample group is 5 experts in the field of IS analysis and design and IT risk management.

RESEARCH SCOPE (2)

Variables used in the research

• The independent variable is the system of risk assessment for Moodle learning in a LAMP environment from log files.

• The dependent variable is the suitability of the composition of the system of risk assessment for Moodle learning in a LAMP environment from log files.

CONCEPTUAL FRAMEWORK

[Figure: conceptual framework diagram. Box labels recovered from the slide:]

IT Risk assessment

-Risk identification

-Risk analysis

-Risk evaluation

Log files

-Log facilities

-Log priorities

-Log format

Moodle e-learning environment analysis

Log file analysis

Moodle in a LAMP environment

System analysis on the risk assessment for Moodle learning in a LAMP environment from log files

Risk assessment for Moodle learning in a LAMP environment from log files

RESEARCH METHODOLOGY

• The first phase: Analysis of the composition of the system.

1. Studying, analyzing and synthesizing research papers.

2. Analyzing the components of the system.

3. Designing system components.

4. Presenting the system components to the advisors.

5. Creating tools for evaluating the suitability of the system.

RESEARCH METHODOLOGY (2)

• The second phase: The evaluation of the composition’s suitability.

1. Five experts determine and evaluate the suitability of such a system.

2. Improving the system’s components.

3. Presenting analyzed compositions of the system.

4. Analyzing the results of the evaluation.

RESULTS

• The research findings are presented as follows:

Section one: The composition of the system.

Section two: The results of the evaluation.

RESULTS (2)

The composition of the system

RESULTS (3)

1. Central log file:

• A depository of log files.

• It is composed of five modules:

- Linux system log files module.

- Apache webserver log files module.

- MySQL database log files module.

- Moodle log files module.

- Firewall log files module.

RESULTS (4)

2. Log file analysis

1) Log file normalization module

• Decomposing tables to eliminate data redundancy and undesirable characteristics.

• Identifying the desired events and filtering out unwanted events.

• Converting the format of the log files from different sources into the same format.

• Combining the log files from different sources together.
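
The filtering, format-conversion and combining steps above, shown for two of the five sources (Apache access log and Linux syslog). This is an added example, not code from the presentation; the sample lines, the record fields (`time`, `source`, `actor`, `event`, `status`) and the filter policy are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not taken from the slides).
APACHE = [
    '203.0.113.7 - - [12/Mar/2015:10:15:02 +0000] "POST /moodle/login/index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2015:10:15:04 +0000] "GET /moodle/theme/styles.css HTTP/1.1" 200 9000',
]
SYSLOG = [
    'Mar 12 10:15:03 lms sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2',
    'Mar 12 10:15:05 lms CRON[900]: (root) CMD (run-parts /etc/cron.hourly)',
]

APACHE_RE = re.compile(r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')
SYSLOG_RE = re.compile(r'(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)')

def parse_apache(line):
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').astimezone(timezone.utc)
    return {'time': ts, 'source': 'apache', 'actor': m['src'], 'event': m['req'], 'status': int(m['status'])}

def parse_syslog(line, year):
    # Classic syslog timestamps carry no year or zone; both are assumed (UTC here).
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", '%Y %b %d %H:%M:%S').replace(tzinfo=timezone.utc)
    return {'time': ts, 'source': m['proc'], 'actor': m['host'], 'event': m['msg'], 'status': None}

def wanted(rec):
    # Filter step: drop static assets and routine cron noise (assumed policy).
    if rec['source'] == 'apache':
        return not re.search(r'\.(css|js|png|gif|ico)(\?| )', rec['event'])
    return rec['source'] != 'CRON'

def normalize(apache_lines, syslog_lines, year=2015):
    # Convert both formats to one record shape, filter, then merge into one timeline.
    recs = [parse_apache(l) for l in apache_lines] + [parse_syslog(l, year) for l in syslog_lines]
    recs = [r for r in recs if r and wanted(r)]
    return sorted(recs, key=lambda r: r['time'])
```

Lines that match neither pattern are dropped by `normalize`; a production collector would count or quarantine them instead, since unparsed lines are themselves a signal.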

RESULTS (5)

2. Log file analysis (cont.)

2) Log file database module

• Filling

• Changing

• Storing the log files into the database.

RESULTS (6)

2. Log file analysis (cont.)

3) Correlation analysis module

• Baselining and anomaly detection.

• Scanning to detect weaknesses or vulnerabilities of the OS and applications.

RESULTS (7)

3. Risk assessment

1) Risk identification module

• Identification of assets.

• Ranking the assets.

• Impact area is categorized on a 1-5 scale.

• The importance ranking of the individual assets.

RESULTS (8)

3. Risk assessment (cont.)

2) Risk analysis module

• Scales the vulnerability and threat.

• The levels of vulnerability and threat are specified on the basis of the correlation of the log files from the IDS.

• Vulnerability is based on two factors: the severity of the impact that occurred and the damage exposed.

• Threat is considered by likelihood.

• The level is categorized on a 1-5 scale.

RESULTS (9)

3. Risk assessment (cont.)

3) Risk evaluation module

• Determine the level of risk.

• The scales of vulnerability and threat follow the risk matrix of ISO/IEC 27005:2011.

• Ranking of the importance of risk assessment criteria and the situation of risk.

• These also lead to the treatment of risks.

• The next step is managing the risks (risk management).

RESULTS (10)

The results of the evaluation

• The evaluation of the composition’s suitability by the 5 experts.

• Focusing on the principles and concepts of the system.

RESULTS (11)

The results of the evaluation (cont.)

RESULTS (12)

The results of the evaluation (cont.)

RESULTS (13)

The results of the evaluation (cont.)

DISCUSSION AND CONCLUSIONS

• The composition of the system can be described as follows:

1. Central log file

2. Log file analysis

3. Risk assessment

DISCUSSION AND CONCLUSIONS (2)

• The average suitability level is at the highest level.

• Myers, J. and colleague (2009) suggested that the best practices of log management should be considered for possible usefulness in detecting insider threats.

• The composition of the system derived from the analysis can be improved and put to real use.

Thank you
