Securing E-Learning Systems: A Case of Insider Cyber Attacks and Novice IT Management in a Small University

The growing use of e-learning systems has been documented by numerous studies (Levy, 2005). Yet in spite of this enormous growth, little attention has been given to the issue of security of e-learning systems both in research and in practice. Security of e-learning systems has a unique challenge as these systems are accessed and managed via the Internet by thousands of users over hundreds of networks. However, the Internet can pose security threats such as unauthorized access, hacking/ cracking, obtaining sensitive information, and altering data and configuration, as well as enabling academic misconduct incidents (Freeh, 2000; Ramim, 2005; Sridhar & Bhasker, 2003). At the same time, cyber attacks have proliferated significantly in recent years. As a result, proper IT policies and procedures, in particular ones related to security of information systems, have become critical for organizations. This case study was written from the IS consultant’s point of view and addresses the issues related to insider cyber attacks combined with novice IT management knowledge in a small university. After a year of substantial growth to its online learning program, the university in this case study experienced a devastating event that halted all academic activities enabled by the institution’s e-learning system. This case reveals that internal cyber attack as well as lack of proper IT policies and procedures all resulted in multiple instances of damage to the e-learning system. The case provides detailed documentation on the security audit performed as well as stimulation for class discussions on actions to be taken as a result of the insider’s cyber attack. Additionally, this case study attempts to provide a starting point on discussions in the area of security related to e-learning systems. It is hoped that this case study will stimulate discussions among practitioners and researchers related to e-learning systems security, and that it will help prevent such incidents from occurring at other academic institutions.