Information Security Risk Management Framework for University Computing Environment

Today’s universities are at the forefront of technological advancement, which makes a university’s computing environment vulnerable because of its large, open networks. This paper analyzes the security threats that specifically evolve in a university’s network and, with these issues in mind, proposes a risk assessment framework for the university computing environment. The proposed framework reduces the risk of a security breach by supporting three phases of activity: the first phase assesses threats and vulnerabilities in order to identify the weak points in the educational environment; the second phase focuses on the highest risks and creates an actionable remediation plan; the third phase recognizes the vulnerability management compliance requirements in order to improve the university’s security position. The proposed framework is applied to the computing environment of Vikram University, Ujjain, India, and the evaluation results show that it enhances the security level of the university campus network. This model can be used by a university’s risk analysts and security managers to perform reliable and repeatable risk analysis in a realistic and affordable manner.
