Today’s universities are on the forefront of technological advancement which makes University’s computing environment particularly vulnerable because in contrast to hacking targets like banks and others, college and university computing environments are often large open networks. This paper assessed the security threats evolve specifically in University’s information technology environment; and proposes risk management framework for University computing environment, to guide security and risk executives through the process of network security management. The proposed model lower the risk of security breach by supporting three phase activities; the first phase identified the threats and vulnerabilities in order to know the weak point in educational environment, the second phase focuses on the highest risk which means it prioritize what matters most and create actionable remediation plan, the third phase of risk assessment model recognizes the vulnerability management compliance requirement in order to improve organization’s security position. The proposed framework can be applied to any higher educational organization or University’s IT environments; it enables Universities to stay a step ahead of security threats and also to get more value from their security budget, by focusing on critical assets that are truly at risk
[1]
Joint Task Force Transformation Initiative.
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
,
2014
.
[2]
Umesh Singh,et al.
ADMIT- A Five Dimensional Approach towards Standardization of Network and Computer Attack Taxonomies
,
2014
.
[3]
U. Singh,et al.
Performance Evaluation of Web Application Security Scanners for More Effective Defense
,
2016
.
[4]
Kapil Tarey,et al.
A Review on Taxonomies of Attacks and Vulnerability in Computer and Network System
,
2015
.
[5]
Umesh Kumar Singh,et al.
Quantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit
,
2016
.
[6]
Chanchala Joshi,et al.
A Framework for Security Risk Level Measures Using CVSS for Vulnerability Categories
,
2016
.