
Design and Implementation of Cybersecurity Risk Assessment System

The document outlines the design and implementation of a cybersecurity risk assessment system by Bello Zainab Opeyemi as part of her Higher National Diploma in Computer Science. It highlights the increasing severity of cyber-attacks and presents a machine learning-based approach to assess and predict cybersecurity risks using various algorithms. The study aims to enhance data security through a mobile app that utilizes hybrid cryptography for secure file storage in cloud systems.

Uploaded by

Issa Ismaila

DESIGN AND IMPLEMENTATION OF CYBERSECURITY RISK ASSESSMENT SYSTEM

BELLO ZAINAB OPEYEMI


WITH
CS/HND/F22/3410

SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE,


IN PARTIAL FULFILMENT FOR THE AWARD OF HIGHER
NATIONAL DIPLOMA (HND) IN COMPUTER SCIENCE.
SCHOOL OF COMPUTING
FEDERAL POLYTECHNIC, OFFA
P.M.B. 420, OFFA, KWARA STATE, NIGERIA.

SUPERVISED BY:
DR SALIMONU, R.I. (PhD)

NOVEMBER, 2024
CERTIFICATION

I certify that this project was carried out by me, BELLO ZAINAB OPEYEMI, with
matric number (CS/HND/F22/3410), a student of the Department of Computer
Science, School of Computing, Federal Polytechnic, Offa, Kwara State, in partial
fulfilment of the requirements for the award of Higher National Diploma (HND) in
Computer Science.

_____________________________ _______________________

BELLO ZAINAB OPEYEMI DATE

PROJECT STUDENT

APPROVAL PAGE

This project work, carried out by BELLO ZAINAB OPEYEMI with matric
number (CS/HND/F22/3410), has been read and approved by my supervisor for
submission to the Department of Computer Science, School of Computing, Federal
Polytechnic, Offa, Kwara State, in partial fulfilment of the requirements for the
award of Higher National Diploma (HND) in Computer Science.

_____________________________ __________________________

SALIMONU, R. I. (PhD) DATE

PROJECT SUPERVISOR

_____________________________ __________________________

ALIYU M.J (MR) DATE

HEAD OF DEPARTMENT

ABSTRACT

Cyber-attacks have increased in number and severity, which has negatively affected
businesses and their services. As such, cyber security is no longer considered merely
a technological problem, but must also be considered as critical to the economy and
society. Existing solutions struggle to find indicators of unexpected risks, which
limits their ability to make accurate risk assessments. This study presents a risk
assessment method based on Machine Learning, an approach used to assess and
predict companies' exposure to cybersecurity risks. For this purpose, four algorithm
implementations from Machine Learning (Light Gradient Boosting, AdaBoost, Cat
Boost, Multi-Layer Perceptron) were implemented, trained, and evaluated using
generative datasets representing the characteristics of different volumes of data (for
example, number of employees, business sector, and known vulnerabilities and
external advisor). The quantitative evaluation conducted in this study shows the high
accuracy of the Machine Learning models; in particular, the Multi-Layer Perceptron
achieved the best accuracy compared to previous work.

DEDICATION

This project is dedicated to God Almighty, the author of wisdom, understanding, and
knowledge.

ACKNOWLEDGEMENT

My utmost appreciation goes to Almighty God, the maker of heaven and earth,
the Omniscient and Omnipotent God who has been my helper and sustainer
throughout this program.
My special thanks go to my parents, Mr & Miss Bello, who have been my sponsors. I
appreciate their efforts and their support in prayers, provisions and finances.
I also appreciate my late coach for the word of advice for my journey to be
successful (may your soul continue to rest in peace).
Thank you very much for your support and may you live long to eat the fruit of your
labor (Amin).
I acknowledge the effort of my supervisor, in the person of Dr Salimonu R.I., for his
moral support and word of knowledge, imparted from the conception to the
actualization of this project work. May God bless you abundantly (Amin).
I also appreciate the effort of my Head of Department, in the person of Mr. Aliyu M.J,
and all lecturers of Computer Science for their relentless effort to make my program a
successful one.
I believe I am indebted to you all; once again, thanks for being there.

TABLE OF CONTENTS

CERTIFICATION
APPROVAL PAGE
ABSTRACT
DEDICATION
ACKNOWLEDGEMENT
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF APPENDICES

CHAPTER ONE
1.1 General Introduction
1.2 Statement of the Problem
1.3 Aim and Objectives
1.4 Significance of the Study
1.5 Scope of the Study
1.6 Limitation of the Study
1.7 Definition of terms

CHAPTER TWO
2.1 Theoretical Concept
2.2 Review of related work

CHAPTER THREE
3.1 Data Collection
3.2 Description of the proposed system
3.3 Analysis of the proposed system
3.4 System Design

CHAPTER FOUR
4.1 System Requirements
4.2 System Implementation
4.3 Results presentation
4.4 System Evaluation/Testing (optional)
4.5 System Documentation and Maintenance
4.6 Benefits of the System

CHAPTER FIVE
5.1 Summary
5.2 Conclusion
5.3 Recommendation

REFERENCES

APPENDIX
• FLOWCHART
• PROGRAM CODING
• PROGRAM OUTPUT

CHAPTER ONE

INTRODUCTION
1.1. General Introduction:

The use of mobile applications, also referred to as mobile apps, has become highly
pervasive in recent times. According to Kadiri (2013), a mobile app is an
application software designed to run on a mobile handheld device such as a
smartphone, Android device, or computer. It is usually developed to serve as an
interface to the standard application. The importance of mobile apps on mobile
devices is undeniable, as their application spans several areas of everyday
life and activities such as communication, education, cooking, social media,
shopping, business, banking, and a lot more. Whatever their application area, mobile
apps generally have some common features, which include analytics, content display,
in-app messaging, location services, navigation and search, offline access, push
notifications, security, settings and preferences, social media integration, user
authentication and user profile.

Regarding their application in education, mobile apps are used for
tertiary teaching and research by academic staff and undergraduate students. This has
become necessary especially when students have to share their research work in the
form of a thesis with an academic staff member (supervisor). Previously, this type of
communication was done using printed papers, which has become inconvenient and
exhausting. The use of mobile apps in sharing, preparing, and assessing students by
their project supervisors has proved to be time-saving, economical, and convenient.
In line with these benefits, this paper focuses on the design and implementation of a
project assessment and presentation mobile application for tertiary schools.

Several studies have been conducted on the design and implementation of mobile apps
for their various areas of application. An overview of the key themes, trends, and
significant contributions in the field of app development is given below.

In 2022, a survey was made available to staff and higher-degree students
(collectively referred to as academics) across the University to capture their
perspective on mobile app use for teaching and research.

A comparative demonstration and analysis of file-sharing applications on Android
mobile devices was performed. The research focused on the file-sharing
applications running on smartphones, specifically Android mobile devices (Irfan,
2016). The demonstration was performed by conducting file sharing on an Android
mobile device using mobile file-sharing applications, transferring all types of files
such as single small files, single big files, and multiple small and big files to
compare the file transfer rate among these file-sharing applications. Different
analyses were performed focusing on ease of access and compatibility, and the results
obtained were presented.

Another study focused on the application of the design science
research approach in the development of a mobile learning application called
MobileEdu for computing education in the Nigerian higher educational context. It
described analysis, design, and implementation activities related to the development
of MobileEdu and also deliberated on the characteristics and scope of its adherence
to the traits and ideas of design science research. The design was evaluated in a
real-life learning setting, through an experiment conducted with 142 third-year
undergraduate students in a Nigerian university.

Another work proposed an implementation of a
mobile application-based P2P learning system named “Each Other”. The
implementation scenario is on students of an IT course at the High School of
Technology of Fez (ESTF). The study focused on the conception, development, and
implementation of a mobile application based on an Android system to support
collaborative learning, through the application of an object-oriented modelling
language, the Unified Modeling Language (UML).

A seamless file-sharing application for Android devices was also designed. In this
study, it was concluded that the application
could be a solution for frequent disconnection of P2P file sharing in mobile devices.
Since SFS doesn’t use the server, there were no additional communication costs. It
was said that all users need a simple operation done by themselves. This improved
the limitation of devices such as low battery or lack of capacity.

Two applications were designed, developed, and presented to support students'
learning in the Greek secondary education environment. The structure and functions
of the two applications were presented under the names “Aepp_App” and “CS_App”. The
mobile applications were intended for use by teachers and students during a lesson as
well as outside the classroom setting, with the use of Android mobile devices.

A P2P file-sharing system was implemented, which showed that a P2P file-sharing system
between mobile devices can be designed and implemented using Bluetooth as a
communication protocol. The application allows J2ME and MIDP (Mobile
Information Device Profile) enabled mobile devices to share and publish files in
the network over Bluetooth, search for specific types of files (such as music,
pictures, text, and programs) and download them onto their local memory. It is
possible to develop the system in the future, to add more features and the capacity to
work on more than one operating system for mobiles.

Another work provided an overview of
previous studies conducted on mobile learning applications and investigated the
challenges and difficulties of the design and development of mobile learning
applications. To have a better understanding of implementing a mobile learning
application, a prototype of one mobile learning application was developed to educate
and enhance motivation among adults to donate specific necessities for
underprivileged students.

A mobile application was designed and implemented to
disseminate students’ examination results using the Java programming
language, the Phased model as the software development methodology, and Android
technology. The study obtained its data through documentation, interview, and
observation techniques.

A mobile application was developed to simplify the learning
process in secondary and high schools. The mobile application was developed on the
Android operating system given the extensive use of mobile devices and a
convenient application development toolkit. The mobile application is meant to
simplify the acquisition of information required for an effective educational process.
A pedagogical experiment was conducted as part of the study at the (Toraighyrov,
2018) Pavlodar State University.

1.2. Statement of the Problem:

This study seeks to merge the hybrid cryptography algorithm with files stored on
cloud systems. We want to create a system that would store files in the form of text
and documents. Taking security seriously is the main theme of this project. The files
would be stored encrypted so as to preserve their security, and can then only
be retrieved with the use of the decryption key.

1.3. Aim and Objectives of the study:

The aim of the study is to design and implement a mobile app security assessment
system, creating a functioning web application capable of storing Android
files and encrypting them in a cloud database.

Objectives:

The objectives are detailed statements describing the ways through which you intend
to achieve the goal.

• Examining previous studies in the field of hybrid cryptography and cloud computing.
• Studying in detail the various security assessment techniques.
• Figuring out a system that can effectively assess, store, encrypt and decrypt
  data using the encryption keys.

1.4. Significance of the Study:

This study brings the academic and theoretical aspects of data assessment and
confidentiality into real-life working software. This project would result in
the building of software that can be further used for research purposes aimed at
improving data security.

1.5. Scope of the Study:

The scope of the study would be contained and limited to relatively small applications
and smaller file formats such as text, images, and some small-sized audio and video
files. The reason for these limits is to ensure that the small cloud space
budgeted is not exhausted in the course of testing and deployment. Large cloud space
for storage also correlates with a large fee for the cloud service.

1.6. Limitation of the Study:

This research takes the approach of utilizing scanning as the medium of
communication between the hardware security system and the mobile application
software. This gives a crucial advantage of simplicity and cost minimization
compared with leveraging a more complex and expensive communication medium such as
the Internet. However, it poses a downside, as a network must be present before the
system can be effectively used. It must therefore be taken into cognizance that
wherever it is implemented and used, the underlying network infrastructure
required for SMS to work must be present.

1.7. Definition of terms:

Mobile app: referred to as mobile apps has become highly pervasive in recent times.

Databases: A systematically arranged collection of computer data, structured so that
it can be automatically retrieved or manipulated. It is also called a databank.

Security Management: A broad field of management related to asset
management, physical security and human resource safety functions.

Assessment: The process of identifying, analyzing, and evaluating potential threats
to information systems.

Information Security: Protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, perusal, inspection,
recording, or destruction.

CHAPTER TWO
LITERATURE REVIEW
2.1 Theoretical Concept:

According to (chatgpt, 2024), the theoretical foundation of cybersecurity risk
assessment is built upon well-established principles, frameworks, and methodologies
from prior research. This section summarizes key concepts and insights derived from
the literature. The evolution of cybersecurity risk assessment frameworks is a
testament to the growing complexity of the threat landscape. Early frameworks
focused on basic threat identification and manual assessment, while modern systems
integrate AI, big data analytics, and real-time intelligence.

• Traditional Methods: Relied on static models and checklist-based approaches.
• Contemporary Approaches: Emphasize dynamic, automated, and data-driven methods
  to improve accuracy and scalability.

2.1.1 Cybersecurity Risk Management

Risk management in cybersecurity is a systematic process of identifying, evaluating,
and prioritizing risks to information assets. According to the National Institute of
Standards and Technology (NIST), the risk management lifecycle consists of:

• Risk Identification: Documenting potential threats, vulnerabilities, and impacts.
• Risk Analysis: Evaluating the likelihood and consequences of identified risks.
• Risk Mitigation: Implementing controls and strategies to reduce risks to
  acceptable levels.
• Risk Monitoring: Continuously assessing and updating the risk profile as
  the threat landscape evolves.

2.1.2 Threat Modeling

Threat modeling is a theoretical approach for systematically identifying potential
threats and their impacts. Widely used models include:

• STRIDE Framework: Focuses on six key threat categories: Spoofing,
  Tampering, Repudiation, Information Disclosure, Denial of Service, and
  Elevation of Privilege.
• DREAD Model: Assesses risks based on Damage potential, Reproducibility,
  Exploitability, Affected users, and Discoverability.

These models aid organizations in prioritizing risks by focusing on the most critical
threats to their infrastructure.

2.1.3 Vulnerability Assessment

Vulnerability assessment involves identifying weaknesses in systems, networks, and
applications that attackers could exploit. Tools like Nessus, OpenVAS, and Qualys
have become essential for scanning and analyzing vulnerabilities. Penetration testing
complements automated tools by providing deeper insights into exploitable
vulnerabilities. Theoretical research has emphasized that a robust vulnerability
assessment should integrate both automated tools and manual techniques to achieve
comprehensive coverage.

2.1.4 Risk Quantification

Quantifying cybersecurity risks involves assigning numerical or categorical values to
risks based on their likelihood and potential impact. Two prominent approaches
include:

• Qualitative Assessment: Uses descriptive categories such as high, medium
  and low to rank risks.
• Quantitative Assessment: Employs probabilistic models and metrics to provide
  precise numerical risk estimations.

The FAIR Model (Factor Analysis of Information
Risk) is widely cited for its focus on quantitative risk analysis, enabling
organizations to calculate financial impacts and prioritize mitigation efforts
effectively.
2.1.5 Machine Learning and Automation in Cybersecurity Risk Assessment

Recent advancements in machine learning (ML) have revolutionized cybersecurity
risk assessment by enabling predictive and adaptive capabilities.

• Anomaly Detection: ML models can identify deviations from normal
  behavior, signaling potential threats.
• Threat Classification: Supervised learning algorithms categorize risks based
  on historical data.
• Real-time Analysis: Automation ensures that risks are assessed dynamically
  as new threats emerge.

Theoretical research highlights the challenges of integrating ML, such as data quality
issues, model interpretability, and computational demands.

2.1.6 Real-time Threat Intelligence

Incorporating real-time threat intelligence into risk assessments enhances their
effectiveness by providing up-to-date information about emerging threats.

• Threat Feeds: Sources like Open Threat Exchange (OTX) and commercial
  threat intelligence platforms provide actionable data.
• Integration Challenges: Theoretical studies discuss the need for seamless
  integration of threat feeds into existing risk assessment systems.

2.2 Review of related work:

TRADES’ leading motivation is incorporating a security-related perspective into systems
design. As such, TRADES shares a common underlying approach with NIST SP 800-160
(Ross, 2016) and the SQUARE (Security Quality Requirements Engineering)
methodology (Mead, 2007). The NIST publication provides considerations, and does
not provide a concrete methodology as TRADES does. SQUARE does provide high-level
process definitions, but unlike TRADES it is not a model-based approach, and it does
not provide any model which corresponds with the domain ontology. As an example,
one of the steps in SQUARE is “Categorize requirements,” with initial requirements and
architecture identified as inputs to the association of the requirements with the
relevant hierarchy and component (Stehney, 2015). TRADES offers a more concrete
take on this, as it specifies and captures the aspects of the design as well as of the
TRA that are needed in order to assign requirements to the appropriate hierarchy and
component. With respect to this, we also note that SQUARE’s identification of inputs
for this step (of its prescribed process) misses an important input: the identification
of a threat allocation, and particularly the identification of the hierarchy component
to which a threat is allocated. This allocation has implications for the association of
requirements for security controls with a specific hierarchy component.

Threat modelling approaches that rely on diagrammatic representation exist, with data
flow diagrams (DFDs) being a popular diagrammatic form, as discussed in a review of
available threat modelling methods (Shevchenko et al., 2018). The review
specifically identifies that using DFDs is insufficient for threat modelling; further
emphasizing that the common, DFD based approaches fail to derive commonly
known as meta-model and its realization in the form of a database of modelling
elements; with diagrams providing a viewpoint into the database elements and/or
supporting updates to the database (e.g., adding or updating elements). Purely
diagrammatic methods such as those presented shortly often lack the formal
ontological foundations and the establishment of a rigorous data model.
Motivation: Accurate risk quantification is essential but remains a challenge due to
the complexity of cyber threats and data variability.
Objective: To apply AI models for improved risk quantification and prioritization.
Methodology: Employed deep learning techniques to analyze patterns in large-scale
datasets of cyber incidents and financial impacts.
Results: Enhanced the precision of financial risk estimations, providing actionable
insights for stakeholders.
Limitations: The deep learning models required frequent retraining to remain
accurate, introducing maintenance overheads.
2.2.1 Threat and Risk Assessment
Typically, the threat and risk assessment of systems is expressed as natural language
text, tables and freeform diagrams (that typically provide a specific view of a given
design). A threat model related publication (McCollum, 2018), for example, depicts
a representative example as a story with free-form diagrams. Another representative
example is a radar system security research report (Cohen et al., 2019), in which
threats are expressed in the form of a table. The aforementioned documentation is
typically prepared ad-hoc and is not necessarily aligned with the actual system
design. This does not support rigorous engineering nor the establishing of the
cybersecurity posture throughout the system lifecycle. The free-form approach to
TRA indicates a gap in sound, practical methodology.

2.2.2 Assets identification and assessment


According to the classification method in GB/T364666-2018, system assets were
identified based on a combination of system features and assessment demands.
Assets are classified into hardware assets and software assets based on their pattern
of manifestation. That is to say, assets which are invisible and intangible are soft
assets, while hard assets are visible and tangible. The soft assets are divided into 6
categories including system software, application software, source program,
industrial control system, proprietary protocol, general protocol and data. The hard
assets are divided into 7 categories including onsite control layer devices, network
devices, security devices, computer devices, storage devices, transmission lines and
protection devices.

2.2.3 Threat identification and assessment


According to the classification method in GB/T364666-2018 and several threats that
the industrial control systems may face, we divide threats into five categories
including environmental factors, internal non-malicious factors, internal malicious
factors, external malicious factors and supply chain factors from the source of the
threats.

CHAPTER THREE

METHODOLOGY
3.1 Data Collection:
The proposed system was designed using the structured system analysis and design
methodology. The system was built on the Web platform. The front-end interface
was designed using flutter wave, while the backend functionalities are powered by
MySQL (a relational database management system), used in designing the database,
which runs freely on the desktop. This language was chosen because of its flexibility
and features for developing offline-based applications. In gathering and collecting
the necessary data and information needed for system analysis, two major fact-finding
techniques were used in this work:
• Primary source
• Secondary source
Primary Source
Primary source refers to the sources of collecting original data in which the
researcher made use of empirical approaches such as personal interviews and
questionnaires. Cybersecurity risk assessment systems were studied and a lot of
information concerning the system in question was obtained. Some forms that are
necessary and available were assessed. Internet downloads were also made to obtain
some text materials.
Secondary Source
The need for secondary sources of data for this kind of project cannot be
overemphasized. The secondary data were obtained by the researcher from magazines,
journals, newspapers and library sources.
3.2 Description of the proposed system:
The proposed system is a Cybersecurity Risk Assessment System designed to identify,
analyze, and mitigate cyber security risks in real-time, leveraging machine learning and
automation to improve efficiency and accuracy. The system will assist organizations in
proactively managing their cybersecurity risks by automating the assessment of
vulnerabilities, predicting potential threats, and providing actionable insights for risk
mitigation. This approach aims to overcome the limitations of manual methods, such as time
consumption, data dependency, and scalability issues.

3.2.1 Data Flow

The architecture of the proposed system can be illustrated using a Data Flow Diagram
(DFD), which shows the flow of data between different system components and processes.
An Entity-Relationship Diagram (ERD) will represent the data model of the system,
capturing entities such as risks, users, incidents, and mitigation actions, as well as the
relationships between them.

Key Entities:

• User: Represents an administrator or system user interacting with the risk
  assessment system.
• Risk: Represents a cybersecurity risk, including its type, severity, likelihood,
  and associated threat.
• Incident: A past or ongoing cybersecurity event, typically linked to a specific
  risk.
• Mitigation Action: The corrective or preventive action recommended to
  address a particular risk.
• Threat Feed: Represents external threat data (e.g., IP addresses, malware
  signatures) used to inform risk assessments.
• Log Entry: Contains historical security data, such as firewall logs, intrusion
  detection alerts, etc.
• Risk Assessment: The result of analyzing a specific risk, including
  quantification (e.g., financial impact) and severity level.

3.3 Analysis of the proposed system:


In this section, we will describe the study phases in detail, outlining the inputs,
outputs, and database requirements for each phase of the Cybersecurity Risk
Assessment System. The system follows a structured approach to identify, analyze,
and mitigate risks, leveraging data-driven techniques and automation.

i. Input:

• External Threat Intelligence: Data from external threat feeds (e.g., IP
  blacklists, known malware signatures, threat reports from platforms like
  Open Threat Exchange).
• Security Logs: Historical data from security systems (e.g., intrusion
  detection systems, firewall logs, access logs).
• User Input: Configuration details provided by system users (e.g., scope of
  assessment, asset values, risk tolerance).

ii. Output:

• Raw Data: Raw threat intelligence feeds, security logs, and system
  configuration details are processed and stored in the database for further
  analysis.
• Data Preprocessing: Cleaned and structured data for risk modeling (e.g.,
  parsing log files, standardizing threat feed formats).

iii. Database:

• Threat Intelligence Database: Stores structured data about threats,
  vulnerabilities, and attack patterns.
• Security Logs Database: Stores historical security data, including event logs
  from firewalls, intrusion detection systems, etc.
• System Configuration Database: Stores user inputs regarding asset details,
  configurations, and preferences.
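
The input, preprocessing and assessment stages described in Sections 3.2.1 and 3.3, together with the qualitative and quantitative ratings of Section 2.1.4, shown as an added Python example that is not part of the original project code. The log layout, feed entries, asset values, action weights and band thresholds are all constructed assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Assumed log layout: "<timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed threat feed (documentation-range addresses, not real indicators).
THREAT_FEED = [
    {"indicator": "203.0.113.7", "category": "ssh-bruteforce", "confidence": 90},
    {"indicator": "198.51.100.23", "category": "botnet-c2", "confidence": 60},
]

# Constructed firewall log, including one malformed line.
FIREWALL_LOG = """\
2024-11-02T10:15:03Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-11-02T10:15:09Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-11-02T10:16:40Z ALLOW src=198.51.100.23 dst=10.0.0.9 dport=443
2024-11-02T10:17:02Z ALLOW src=192.0.2.44 dst=10.0.0.9 dport=443
corrupted line without fields
2024-11-02T10:18:30Z ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
"""

# Constructed user input: asset values (loss if compromised) and risk tolerance.
ASSETS = {
    "10.0.0.5": {"name": "bastion-host", "value": 20000.0},
    "10.0.0.9": {"name": "billing-db", "value": 150000.0},
    "10.0.0.12": {"name": "print-server", "value": 1000.0},
}
RISK_TOLERANCE = 5000.0

# Assumed weights: a feed-listed source that got through counts more than a blocked one.
ACTION_WEIGHT = {"ALLOW": 0.5, "DENY": 0.1}
LEVELS = ("low", "medium", "high")


@dataclass
class RiskAssessment:
    asset: str
    threats: tuple
    likelihood: float       # probability-style score in [0, 1]
    expected_loss: float    # quantitative estimate: likelihood * asset value
    level: str              # qualitative rating: low / medium / high
    exceeds_tolerance: bool


def preprocess(raw_log):
    """Parse raw log text into structured events; count lines that do not parse."""
    events, skipped = [], 0
    for line in raw_log.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
        elif line.strip():
            skipped += 1
    return events, skipped


def band(value, medium_at, high_at):
    """Map a number to band index 0 (low), 1 (medium) or 2 (high)."""
    return 0 if value < medium_at else 1 if value < high_at else 2


def assess(events, feed, assets, tolerance):
    """Correlate events with the feed and rate each asset, highest loss first."""
    feed_by_ip = {entry["indicator"]: entry for entry in feed}
    results = []
    for ip, asset in assets.items():
        miss = 1.0  # probability that none of the matched events succeeds
        threats = set()
        for ev in events:
            hit = feed_by_ip.get(ev["src"])
            if ev["dst"] != ip or hit is None:
                continue
            miss *= 1.0 - (hit["confidence"] / 100.0) * ACTION_WEIGHT[ev["action"]]
            threats.add(hit["category"])
        likelihood = 1.0 - miss
        expected_loss = likelihood * asset["value"]
        # Qualitative matrix: add the likelihood band and the impact band.
        score = band(likelihood, 0.1, 0.5) + band(asset["value"], 5000, 50000)
        level = LEVELS[0 if score <= 1 else 1 if score == 2 else 2]
        results.append(RiskAssessment(
            asset["name"], tuple(sorted(threats)), round(likelihood, 4),
            round(expected_loss, 2), level, expected_loss > tolerance))
    return sorted(results, key=lambda r: r.expected_loss, reverse=True)


def run_demo():
    events, skipped = preprocess(FIREWALL_LOG)
    return assess(events, THREAT_FEED, ASSETS, RISK_TOLERANCE), skipped


if __name__ == "__main__":
    assessments, skipped_lines = run_demo()
    print(f"malformed log lines skipped: {skipped_lines}")
    for item in assessments:
        print(item)
```

Both exposed assets rate "high" on the qualitative matrix, while the numerical estimate separates them, which is the difference in prioritization that Section 2.1.4 describes.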

3.4 System Design:

Designing a Cybersecurity Risk Assessment System involves selecting appropriate
methodologies and tools to represent system components and processes effectively. For this
system, Unified Modeling Language (UML) diagrams are used to provide a structured and
visual representation of the system’s architecture and behavior.

Use Case Diagram: A Use Case Diagram highlights the interaction between users
and the system.

Actors:

• Administrator: Configures settings, views reports.
• System User: Monitors risk alerts and applies mitigation strategies.
• External Threat Feed: Provides real-time threat data.

Use Cases:

• Perform Risk Assessment
• Monitor Threats
• View Mitigation Recommendations
• Configure System Parameters

[Figure: Use Case Diagram showing the Administrator actor with the use cases Perform Risk Assessment, Monitor Threats, and Configure System Parameters]

CHAPTER FOUR

IMPLEMENTATION AND RESULTS PRESENTATION


4.1 System Requirements:
The software requirements specification plays an essential role in the software
development stages.

Software and Hardware Requirements

i. Microprocessor: Intel(R) Core(TM) i5-6200U CPU @ 2.3 GHz
ii. RAM: 4GB of RAM
iii. Hard Disk: 1 terabyte (TB) on installation drive

Operating Systems:
• Windows 10 Pro 64-bit operating system for developing this system.

Interface Design

The interface design focuses on the layout of the parts of the application that are
actually visible to the users after it is deployed into a real-time environment. The
interface design only shows the physical framework. This is depicted through a set
of UML diagrams. These diagrams are data flow diagrams, class diagrams,
sequence diagrams and entity relationship diagrams.

Modular Design

The modular design involves the process of classifying the application elements
into different sub-systems. The modular design of this application is divided into
college details, which show the important notifications and activities in the
college; student details, which show the student performance track record; and
faculty details, which show faculty personal and professional details.

4.2 System Implementation:

This section presents the hardware and software requirements of the system,
respectively. For this feat to be achieved, an integrated, highly efficient and
effective Network Security for a Distributed Database is needed. The system is
implemented using Java NetBeans as the front end and a MySQL database as the
back end.
4.3 Results presentation:
This section presents the results obtained after the work was implemented and
discusses the findings of the study. These are presented in the following figures:

Figure 1: Home page

Figure 2: Assessment interface

Figure 3: Result page

Figure 4: Saved result

Figure 5: Printout of the result after assessment
4.4 System Evaluation/Testing (optional):
This is the process of confirming whether the new system works according to the
specification. Testing is pertinent to this system because it will minimize or
eliminate the errors in an online shopping system. The test shows exactly the types
of problems that develop in the system during the processing of data and also
indicates any problem in the response time of the system. The purpose of testing
the system is to detect errors and debug them before it is delivered, installed and
made operational, including bugs that cause the system not to work according to
specifications.

4.5 System Documentation and Maintenance:

Documentation is a written record that describes the development and operating
instructions for the new system. When a system is well documented, users find it
easier to use and understand, and can provide solutions when problems arise.
During the design stage of this system, the following documentation was
considered:

• Program Documentation: Stock control system (SCS) and inventory
management is a program controlled by various program modules which
are written using VS Code.
• System Documentation: This is done at design time with the purpose of
aiding control by providing a record of what has been developed and
what has been changed.
• User-Reference Documentation: This is the step-by-step information guide
designed to help system users carry out tasks with the new system.

To use the new system, the user has to follow the instructions listed below:
• Boot the computer to the desktop environment.
• Insert the software disc into the CD drive, wait, and follow the instructions
for installation.
• A welcome screen will appear showing the author’s information (such as name
and password) as well as the file of the software, from which the user will
check “Login”.
• A login screen will appear; the user is then required to type or key in the
“user ID” and “password”.
• From here, the program will open the main menu, to which other sub-menus
are attached.
Maintenance includes updating the program over time as needed, debugging the
program, repairs, and hardware/software changes as need be for safety and
management purposes. Anti-virus software should be installed before using the new
system to avoid system failure. The following are recommended: air conditioners or
fans should be provided to help cool the system; a UPS, a voltage regulator
(stabilizer), lightning arrestors, an automatic fire alarm and a smoke detector are
also recommended to maintain the system.

4.6 Benefits of the System

It allows the client to walk into any of the designated banks at any time during
banking hours and make a deposit into his/her account. The functions the
administrator can perform are to create a client record, update payments and
transactions, and show records of clients currently registered and using the card.
There are forms on different pages of the application that enable the administrator
to perform these functions.

CHAPTER FIVE

SUMMARY, CONCLUSION AND RECOMMENDATION

5.1 Summary:

This study focused on the design and implementation of a cybersecurity risk
assessment system to enhance organizations' ability to identify, analyze, and
mitigate cybersecurity threats effectively. The study was motivated by the increasing
frequency and sophistication of cyberattacks, which require advanced tools for
proactive risk management. The research adopted a structured methodology that
included analyzing existing literature, identifying gaps in current systems, designing
a proposed system architecture, and validating its feasibility. Key components of the
proposed system included:

• A data-driven approach for collecting and analyzing threat intelligence and
security logs.
• Machine learning algorithms for classifying and prioritizing risks.
• Unified Modeling Language (UML) tools for system design, including
Activity Diagrams, Sequence Diagrams, and Use Case Diagrams.
• Implementation of databases for storing and managing security data, risks,
and mitigation strategies.

5.2 Conclusion:

In conclusion, the study successfully demonstrated the feasibility of designing a
cybersecurity risk assessment system that integrates advanced data analysis,
machine learning, and robust system architecture. The system addresses critical gaps
in existing risk assessment tools by:

• Providing a structured approach to risk identification and prioritization.
• Enabling real-time monitoring and alerts to manage emerging threats.
• Incorporating a scalable design that supports the addition of new data sources
and threat models.

The findings emphasize the importance of proactive risk assessment tools in
reducing vulnerabilities and ensuring organizational resilience against cyber threats.
The study also highlights the critical role of integrating technology with
organizational policies to create a holistic cybersecurity framework.

5.3 Recommendation:

Based on the study findings, the following recommendations are made:

1. Adoption of the Proposed System: Organizations should consider
implementing the proposed cybersecurity risk assessment system to enhance
their threat detection and mitigation capabilities.
2. Continuous Improvement:
   • The system should be updated regularly with the latest threat
   intelligence and machine learning models to maintain its
   effectiveness.
   • Incorporate feedback mechanisms to refine risk classification and
   prioritization over time.
3. Integration with Existing Systems: The system should be integrated with
existing cybersecurity infrastructure, such as firewalls, intrusion detection
systems, and security information and event management (SIEM) tools, to
provide a unified defense mechanism.
4. Training and Awareness: Organizations should train their cybersecurity
teams to use the system effectively and create awareness among employees
about emerging cyber threats and safe practices.
