Comparative and Business Impact Analysis (BIA) of Cybersecurity Risks in the Use of HTTP or HTTPS Protocols for Web Portals. Case Study: District Municipalities of Metropolitan Lima

Angie Centeno Caceres, Mariuxi Bruzza Moncayo, Manuel Tupia Anticona

Producción científica: Capítulo del libro/informe/acta de congresoContribución a la conferenciarevisión exhaustiva

Resumen

This paper presents the evaluation of cybersecurity risks associated with the use of HTTP or HTTPS protocols on the web portals of different municipalities in Metropolitan Lima. The assessment identified vulnerabilities in each web portal using scanners such as Qualys SSLTest, Hardenize, and Mozilla Observatory. These tools provided information on the technical characteristics of each portal and a list of associated vulnerabilities. Subsequently, a threat analysis was conducted to identify potential threats resulting from the exploitation of these vulnerabilities. The obtained results underwent a risk assessment, calculating the risk magnitude based on criteria such as possibility and impact. The identified criteria were selected based on the reading of different sources, where the criteria were then valued. Following that, each threat was evaluated using evaluation matrices, which resulted in the final risk weighting value. With the calculated weight, the different threats were classified according to a prioritization order, where various treatments were proposed to address each threat. Each proposed treatment was evaluated against criteria to determine whether a system is secure or not. With the selection of treatments obtained, a comparison between protocols could be made. The objective of this paper is to both highlight the current situation of web portal security in the municipalities of Lima and propose a replicable method for the evaluation and risk treatment of the studied web portals' security.

Idioma originalInglés
Título de la publicación alojada2024 10th International Conference on eDemocracy and eGovernment, ICEDEG 2024
EditoresLuis Teran, Luis Teran, Jhonny Pincay, Jhonny Pincay, Carmen Vaca, Daniel Riofrio
EditorialInstitute of Electrical and Electronics Engineers Inc.
Edición2024
ISBN (versión digital)9798350365535
DOI
EstadoPublicada - 2024
Evento10th International Conference on eDemocracy and eGovernment, ICEDEG 2024 - Lucerne, Suiza
Duración: 24 jun. 202426 jun. 2024

Conferencia

Conferencia10th International Conference on eDemocracy and eGovernment, ICEDEG 2024
País/TerritorioSuiza
CiudadLucerne
Período24/06/2426/06/24

Huella

Profundice en los temas de investigación de 'Comparative and Business Impact Analysis (BIA) of Cybersecurity Risks in the Use of HTTP or HTTPS Protocols for Web Portals. Case Study: District Municipalities of Metropolitan Lima'. En conjunto forman una huella única.

Citar esto