Security audits for elearning
Web applications are often the most vulnerable part of a computer system. Before deploying an LMS – Learning Management System – in their organization, many companies must complete a security audit of their service.
How are security audits conducted?
- We identify a variety of attack scenarios, such as those involving connections to servers, identification of participants, strategic data, etc.
- We then simulate an attack, in which a dynamic analysis is performed during the execution of the LMS, while employing unusual conditions of use.
- We repair the vulnerabilities: the analysis makes it possible to identify data that would be otherwise inaccessible.
- We set priorities based on impacts: a large volume of random data is generated following these attack scenarios. It is essential to have identified priority targets and rely on specialized tools to process information.
- We offer a list of areas for improvement, with the final report presenting an implementation planning schedule.
How are the conclusions presented?
The final report presents risk level indicators in terms of availability, confidentiality, etc. The methods are explained to expose the various existing security risks and their impact, as well as recommendations to correct them.
GSF, which has more than 60,000 employees, had Dokeos audited by experts in cybercrime and cybersecurity. The log of this audit is available to our major clients for the sake of transparency.
Would you like to know more about the security of your LMS? Benefit from our expertise by contacting Dokeos.