GuardNet: An Architecture Based on NIST v2.0 for Confidential Data Protection in Higher Education Institutions in Peru

Brian Linan-Acosta; Oscar Bazalar-Gonzales; Jose Santisteban

doi:10.48084/etasr.12978

Authors

Brian Linan-Acosta Information Systems Engineering Department, Universidad Peruana de Ciencias Aplicadas (UPC), Lima, Peru
Oscar Bazalar-Gonzales Information Systems Engineering Department, Universidad Peruana de Ciencias Aplicadas (UPC), Lima, Peru
Jose Santisteban Information Systems Engineering Department, Universidad Peruana de Ciencias Aplicadas (UPC), Lima, Peru https://orcid.org/0000-0003-4526-642X

Volume: 15 | Issue: 6 | Pages: 28977-28985 | December 2025 | https://doi.org/10.48084/etasr.12978

Received: 27 June 2025 | Revised: 3 August 2025 and 22 August 2025 | Accepted: 2 September 2025 | Online: 7 October 2025

Corresponding author: Jose Santisteban

Abstract

In recent years, educational institutions have been frequent targets of cyberattacks that compromise the integrity, confidentiality, and availability of their digital assets. Despite the growing threat, many of these institutions lack effective prevention mechanisms. In this study, we designed an architecture called GuardNet, which is based on the National Institute of Standards and Technology (NIST) v2.0 framework and inspired by a comprehensive review of existing cybersecurity frameworks to enhance the protection of confidential data in higher education institutions. The architecture includes a virtual firewall, an Intrusion Prevention System (IPS), and an anomaly-based detection method to identify malicious traffic or data within the network. Following this implementation, the architecture was assessed based on expert opinions and feedback from the IT staff of a Peruvian higher education institution. The results indicated a satisfactory score of 4.5 from the experts and a score of 70 on the System Usability Scale (SUS) questionnaire administered to the IT staff. Both assessments used a Likert scale, demonstrating the feasibility and usability of the proposed solution. The findings highlight that the GuardNet architecture, designed to protect confidential data, has strong potential for addressing the cybersecurity vulnerabilities of higher education institutions in Latin America. However, its implementation may face challenges related to resource availability and technical expertise.

Keywords:

cyberattack, cybersecurity, architecture, institution, education

Downloads

Download data is not yet available.

References

N. Mishra and S. Pandya, "Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review," IEEE Access, vol. 9, pp. 59353–59377, 2021. DOI: https://doi.org/10.1109/ACCESS.2021.3073408

A. S. A. AL-Ghamdi, M. Ragab, M. F. S. Sabir, A. Elhassanein, and A. A. Gouda, "Optimized Artificial Neural Network Techniques to Improve Cybersecurity of Higher Education Institution," Computers, Materials & Continua, vol. 72, no. 2, pp. 3385–3399, Mar. 2022. DOI: https://doi.org/10.32604/cmc.2022.026477

A. Kumar, K. Abhishek, M. R. Ghalib, A. Shankar, and X. Cheng, "Intrusion detection and prevention system for an IoT environment," Digital Communications and Networks, vol. 8, no. 4, pp. 540–551, Aug. 2022. DOI: https://doi.org/10.1016/j.dcan.2022.05.027

"Magic Quadrant for Intrusion Detection and Prevention Systems – Practech." Practech. https://practech.vn/tin-tuc-su-kien/magic-quadrant-for-intrusion-detection-and-prevention-systems.

M. Reyna and V. Hugo, "Cybersecurity model to improve information technology management in a public Higher Technological Institute, Lima - 2021," M.S. thesis, Faculty of Engineering, Cesar Vallejo University, Lima, Peru, 2022.

R. Bocu and M. Iavich, "Real-Time Intrusion Detection and Prevention System for 5G and beyond Software-Defined Networks," Symmetry, vol. 15, no. 1, Jan. 2023, Art. no. 110. DOI: https://doi.org/10.3390/sym15010110

M. Pedrera Suen, "Intrusion Prevention System for Nova Servers 7," B.S. thesis, University of Computer Sciences, Havana, Cuba, 2020.

D. Selva, B. Nagaraj, D. Pelusi, R. Arunkumar, and A. Nair, "Intelligent Network Intrusion Prevention Feature Collection and Classification Algorithms," Algorithms, vol. 14, no. 8, Aug. 2021, Art. no. 224. DOI: https://doi.org/10.3390/a14080224

M. Chauhan and S. Shiaeles, "An Analysis of Cloud Security Frameworks, Problems and Proposed Solutions," Network, vol. 3, no. 3, pp. 422–450, Sep. 2023. DOI: https://doi.org/10.3390/network3030018

A. Mahn, J. Marron, S. Quinn, and D. Topper, "Getting started with the NIST Cybersecurity Framework : a quick start guide," National Institute of Standards and Technology (U.S.), Gaithersburg, MD, USA, NIST SP 1271, Aug. 2021. DOI: https://doi.org/10.6028/NIST.SP.1271

A. Cooper, "Mind the Security Gap : Evaluating the Effectiveness of the UK Cyber Essentials Scheme and its Suitability for Large Enterprises," M.S. thesis, Department of Computing and Information Sciences, University of Strathclyde, Glasgow, UK, 2023.

K. Renaud and J. Ophoff, "A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs," Organizational Cybersecurity Journal: Practice, Process & People, vol. 1, no. 1, pp. 24–46, Jul. 2021. DOI: https://doi.org/10.1108/OCJ-03-2021-0004

H. M. Melaku, "A Dynamic and Adaptive Cybersecurity Governance Framework," Journal of Cybersecurity and Privacy, vol. 3, no. 3, pp. 327–350, Sep. 2023. DOI: https://doi.org/10.3390/jcp3030017

A. Efe, "A comparison of key risk management frameworks: COSO-ERM, NIST RMF, ISO 31.000, COBIT," Journal of Auditing and Assurance Services, vol. 3, no. 2, pp. 185–205, Jul. 2023.

A. Y. Abohatem, F. M. M. Ba-Alwi, and A. A. Al-Khulaidi, "Suggestion Cybersecurity Framework (CSF) for Reducing Cyber-Attacks on Information Systems," Sana’a University Journal of Applied Sciences and Technology, vol. 1, no. 3, pp. 234–252, Sep. 2023. DOI: https://doi.org/10.59628/jast.v1i3.248

P. Alzuri, F. Cabral Berenfus, S. Paz, A. Nowersztern, and P. Libedinsky, "Protecting Digital Healthcare - A Cybersecurity Guide for the Healthcare Sector," IDB Publications, Oct. 2021. DOI: https://doi.org/10.18235/0003741

G. Ahn, K. Kim, W. Park, and D. Shin, "Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework," Applied Sciences, vol. 12, no. 21, Nov. 2022, Art. no. 10761. DOI: https://doi.org/10.3390/app122110761

Y. Jo, O. Choi, J. You, Y. Cha, and D. H. Lee, "Cyberattack Models for Ship Equipment Based on the MITRE ATT&CK Framework," Sensors, vol. 22, no. 5, Mar. 2022, Art. no. 1860. DOI: https://doi.org/10.3390/s22051860

H. Taherdoost, "Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview," Electronics, vol. 11, no. 14, Jul. 2022, Art. no. 2181. DOI: https://doi.org/10.3390/electronics11142181

N. Sun et al., "Defining Security Requirements With the Common Criteria: Applications, Adoptions, and Challenges," IEEE Access, vol. 10, pp. 44756–44777, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3168716

D. Fucci, E. Alégroth, M. Felderer, and C. Johannesson, "Evaluating software security maturity using OWASP SAMM: Different approaches and stakeholders perceptions," Journal of Systems and Software, vol. 214, Aug. 2024, Art. no. 112062. DOI: https://doi.org/10.1016/j.jss.2024.112062

E. Seid, O. Popov, and F. Blix, "Security Attack Behavioural Pattern Analysis for Critical Service Providers," Journal of Cybersecurity and Privacy, vol. 4, no. 1, pp. 55–75, Mar. 2024. DOI: https://doi.org/10.3390/jcp4010004

T. Hegde, J. Gangl, S. Babenko, and J. Coffman, "Cloud Security Frameworks: A Comparison to Evaluate Cloud Control Standards," in Proceedings of the IEEE/ACM 16th International Conference on Utility and Cloud Computing, Taormina, Italy, 2023, pp. 1–6. DOI: https://doi.org/10.1145/3603166.3632553

A. Alexei, "Implementing Design Science Research Method to Develop a Cyber Security Framework for HEIs in Moldova," in The 11th International Conference on Electronics, Communications and Computing, Chisinau, Moldova, 2021, pp. 228–231.

X. Hu, D. Cheng, J. Chen, X. Jin, and B. Wu, "Multiontology Construction and Application of Threat Model Based on Adversarial Attack and Defense Under ISO/IEC 27032," IEEE Access, vol. 10, pp. 117955–117972, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3220637

V. Shypovskyi, "Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems," Political Science and Security Studies Journal, vol. 4, no. 1, pp. 25–33, Mar. 2023.

R. Sasidharan, "A Case Study to Implement Windows System Hardening using CIS Controls," International Journal of Computer Trends and Technology - IJCTT, vol. 70, no. 7, pp. 1–7, Jul. 2022. DOI: https://doi.org/10.14445/22312803/IJCTT-V70I7P101

A. K. Makhija, "SOC for Cybersecurity & SOC 2® for Service Organizations – An empirical study on industry’s perspective," Journal of Accounting, Finance, Economics, and Social Sciences, vol. 6, no. 2, pp. 19–29, Dec. 2021. DOI: https://doi.org/10.62458/jafess.160224.6(2)19-29

L. Ramírez Quevedo, "Defense Technologies Against Threat Intelligence and Cyberattacks," InnDev, vol. 3, no. 1, pp. 127–141, Apr. 2024. DOI: https://doi.org/10.69583/inndev.v3n1.2024.94

S. W. Nourildean, W. Mefteh, and A. M. Frihida, "DTXG-RF-based Intrusion Detection System for Artificial IoT Cyber Attacks," Engineering, Technology & Applied Science Research, vol. 15, no. 1, pp. 19610–19614, Feb. 2025. DOI: https://doi.org/10.48084/etasr.9464

A. J. Alhasan and N. Surantha, "Evaluation of Data Center Network Security based on Next-Generation Firewall," International Journal of Advanced Computer Science and Applications, vol. 12, no. 9, pp. 518–525, Sep. 2021. DOI: https://doi.org/10.14569/IJACSA.2021.0120958

S. H. Abbas, W. A. K. Naser, and A. A. Kadhim, "Subject review: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)," Global Journal of Engineering and Technology Advances, vol. 14, no. 2, pp. 155–158, Feb. 2023. DOI: https://doi.org/10.30574/gjeta.2023.14.2.0031

W. Yeoh, M. Liu, M. Shore, and F. Jiang, "Zero trust cybersecurity: Critical success factors and A maturity assessment framework," Computers & Security, vol. 133, Oct. 2023, Art. no. 103412. DOI: https://doi.org/10.1016/j.cose.2023.103412

R. Alnafrani and D. Wijesekera, "An Automated Framework for Generating Attack Graphs Using Known Security Threats," in 2022 10th International Symposium on Digital Forensics and Security, Istanbul, Turkey, 2022, pp. 1–6. DOI: https://doi.org/10.1109/ISDFS55398.2022.9800833

A. Rivera Camaqui and E. F. Paniura Valencia, "Proposal for a Cybersecurity Program based on the integration of the NIST CSF 1.0 framework and the ISO 27001 Standard for the Higher Education Sector," M.S. thesis, Peruvian University of Applied Sciences, Lima, Peru, 2025.

R. Egusquiza and H. Natividad, "Design of a Cybersecurity Program based on the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), using ISO/IEC 27001:2013 for electric distribution companies in Peru," B.S. thesis, Faculty of Engineering, Peruvian University of Applied Sciences, Lima, Peru, 2023.

C. R. Q. Lezama, "Cyberdefense and cybersecurity in Peru: reality and challenges surrounding the Armed Forces’ capacity to neutralize cyberattacks that threaten national security," Revista de Ciencia e Investigación en Defensa, vol. 4, no. 1, pp. 55–76, Feb. 2023. DOI: https://doi.org/10.58211/recide.v4i1.99