Enhancing Security and Privacy in Credit Transfer Application Systems: A Proposed Framework

Abstract

Automated credit transfer systems in higher education offer substantial efficiency improvements but also introduce critical data security and confidentiality challenges. This paper addresses the current security vulnerabilities in the Universiti Poly-Tech Malaysia (UPTM) prototype of the Credit Transfer Application System (CTAS), which lacks essential security features such as user authentication, role-based authorization and encrypted data protection. To address these issues, this study proposes a secure academic data management framework incorporating secure user authentication, role-based access control, encrypted database storage and secure HTTPS communication protocols. The research methodology includes comprehensive security requirement analysis, detailed system architecture design, and the development of a validation plan comprising system simulation, penetration testing, performance evaluation, and compliance assessment to be conducted in future work. The proposed framework is expected to strengthen system access control, improve user accountability, enhance data privacy, and facilitate alignment with Malaysia’s Personal Data Protection Act (PDPA). This study presents a practical and scalable security solution that can guide future system enhancements and deployment, providing a strong foundation for safeguarding academic data and supporting potential cross-institutional credit transfer initiatives. Additionally, the framework contributes to improving institutional credibility, ensuring data protection best practices and promoting digital transformation in academic processes in higher education.