During a recent cyber security audit of the institutional grade management system OARS, a number of cyber attacks were identified some of which have grave implications. Some of the cyber-attacks were so simple to carry out, that any person without having a password authentication could change grades of students during a certain period during the finals week (Lack of Integrity). Also, the same attacks could reveal grades of students to anyone (Lack of Confidentiality). Further, grading or change of grades are not attributable to any one, thereby making it impossible to find out if a change has been made, and if so, who might have made the changes (Lack of non-repudiation).
This proposal aims to create a software system that has a web-based front-end for instructors to enter grades for their courses, the dean's office to create grade reports for students, administrative personnel to update grades when a grade change request is initiated, and students to check their grades.