Cyber Security Solution Case Study: HKU Autism E-learning platform
Protect the data privacy of students and parents with comprehensive cloud security assessment
The number of autistic children and adolescents has been increasing in the last few years. More and more students are troubled by emotional and social communication problems. The University of Hong Kong and The Hong Kong Jockey Club Charities Trust jointly launched “Jockey Club Autism Support Network” (JC A-Connect), a free online learning platform developed by a team of psychologists, to provide parents, professionals, and the public with information in order to help them support children with Autism Spectrum Disorder (ASD).
Client Background
Client
The University of Hong Kong
Industry
Education
Solution
Challenges
- Parents, professionals, and the public need to register as members on the website in order to obtain the learning resources. Considering applicants’ personal information, such as name and email address, will be collected by the website, it raises concern of data privacy and security to HKU that it is necessary to conduct a comprehensive and systematic security check before the website is officially launched, so that users data are protected while using the platform.
- The website is hosted in the cloud server which usually adopts the default network security settings with lower security level. A security check up by professional is necessary in order to apply an adaptive and advanced security configuration.
UD Solution
- Penetration testing, including vulnerability scanning and manual testing, has been conducted before the launch of the new website. Cybersecurity analysts simulated hackers' intruding into the system, so as to find out system’s possible vulnerabilities and fix them in time to prevent cyber-attacks.
- Carry out data privacy risk assessment to identify the potential data leakage and ensure data encryption is in place.
- Obtain SSL Certificate for the website to ensure the content transmitted between the website and users are encrypted and protected.
- Conduct the cloud security settings with industry standard and elevate the security level with adaptive defence to resist hackers’ attacks.
Achievement
Enhance the overall cyber security level of the website
Protect website data and sensitive personal information from data breach
Identify cloud security risks in advance and prevent possible cyber-attacks
4 Keys to Success
-
1. Creative and resourceful problem solving
As a managed security service provider, we offer a comprehensive and holistic cybersecurity solution that tailor-made for JC A-Connect, including a series of measures such as website security risk assessment, data encryption and protection, and cloud security configurations. Moreover, we also proactively support JC A-Connect to handle their technical issues when they set up the SSL Certificate.
-
2. Advanced Penetration Test
Unlike general penetration testing, UDomain not only conducts vulnerability scanning, but also penetrate the platform manually in ethnical hacker’s view to provide a complete testing result. We also provide detailed analysis of scanning result, improvement plans and suggestions in the report.
-
3. Customised expert advice - proactively identify potential risks
Before the test began, our experts learned that the website will be hosted in the public cloud, so we took the initiative to further investigate and evaluate the security configuration of the cloud. The result showed that the security level was low with data leakage possibilities. Therefore, we provide suggestions to elevating the security level in order to better protect the system.
-
4. Raise the awareness of Cybersecurity
Do you know that a new website is like a new house which needs an inspection before move in? Besides providing security solutions to our customers, we also aim to raise the security awareness in general through sharing the latest security information to our customers and the public.
UD Security
Cyber Security to Protect Your Business
SSL Certificate | Penetration Test | Phishing Awareness
UD Security