Resumen
This paper presents the evaluation of cybersecurity risks associated with the use of HTTP or HTTPS protocols on the web portals of different municipalities in Metropolitan Lima. The assessment identified vulnerabilities in each web portal using scanners such as Qualys SSLTest, Hardenize, and Mozilla Observatory. These tools provided information on the technical characteristics of each portal and a list of associated vulnerabilities. Subsequently, a threat analysis was conducted to identify potential threats resulting from the exploitation of these vulnerabilities. The obtained results underwent a risk assessment, calculating the risk magnitude based on criteria such as possibility and impact. The identified criteria were selected based on the reading of different sources, where the criteria were then valued. Following that, each threat was evaluated using evaluation matrices, which resulted in the final risk weighting value. With the calculated weight, the different threats were classified according to a prioritization order, where various treatments were proposed to address each threat. Each proposed treatment was evaluated against criteria to determine whether a system is secure or not. With the selection of treatments obtained, a comparison between protocols could be made. The objective of this paper is to both highlight the current situation of web portal security in the municipalities of Lima and propose a replicable method for the evaluation and risk treatment of the studied web portals' security.
Idioma original | Inglés |
---|---|
Título de la publicación alojada | 2024 10th International Conference on eDemocracy and eGovernment, ICEDEG 2024 |
Editores | Luis Teran, Luis Teran, Jhonny Pincay, Jhonny Pincay, Carmen Vaca, Daniel Riofrio |
Editorial | Institute of Electrical and Electronics Engineers Inc. |
Edición | 2024 |
ISBN (versión digital) | 9798350365535 |
DOI | |
Estado | Publicada - 2024 |
Evento | 10th International Conference on eDemocracy and eGovernment, ICEDEG 2024 - Lucerne, Suiza Duración: 24 jun. 2024 → 26 jun. 2024 |
Conferencia
Conferencia | 10th International Conference on eDemocracy and eGovernment, ICEDEG 2024 |
---|---|
País/Territorio | Suiza |
Ciudad | Lucerne |
Período | 24/06/24 → 26/06/24 |