Cybersecurity Assessment and Vulnerability Modelling of Networks and Web Services in Nigerian Colleges of Education

Abstract

Cybersecurity threats are among the most significant risks facing organizations and government today, and administrative boards have now been held accountable. This is an experimental research activity conducted to perform a holistic cybersecurity assessment and vulnerability modelling on the Information and Communication Technology (ICT) infrastructure and services of Colleges of Education in the six geopolitical zones. The study adopts an integrated bi-modal threat modelling and assessment (IBTMA) method by combining assessment and modelling approaches, which involves mixed-methods, along with computer-based experimentation to comprehensively evaluate and model cybersecurity threats, identify vulnerabilities, and propose effective mitigation strategies. Logistic regression data analysis was used to model the relationship between dependent variables (e.g., presence or absence of vulnerabilities or threats) and independent variables (e.g., cybersecurity practices, system configurations, policies, and staff training programs). This cybersecurity assessment provides the initial understanding of the security landscape and practices. The next step involves using the Microsoft Threat Modeling tool on the assets to identify specific threats. These threats are then prioritized based on their potential impact and likelihood. Assessment result of the vulnerability exposure is supported by the threat modelling report, which shows several threats: tampering, elevation of privilege, denial of service, privilege escalation, information disclosure, and spoofing. Findings from the study indicate that colleges face critical network and web vulnerabilities that need holistic solution.