Call for Paper - August 2022 Edition
IJCA solicits original research papers for the August 2022 Edition. Last date of manuscript submission is July 20, 2022. Read More

Managing Security Risks and Vulnerabilities in University's IT Threats Landscape

Print
PDF
IJCA Proceedings on National Conference on Contemporary Computing
© 2017 by IJCA Journal
NCCC 2016 - Number 1
Year of Publication: 2017
Authors:
Chanchala Joshi
Umesh Kumar Singh

Chanchala Joshi and Umesh Kumar Singh. Article: Managing Security Risks and Vulnerabilities in Universitys IT Threats Landscape. IJCA Proceedings on National Conference on Contemporary Computing NCCC 2016(1):10-14, April 2017. Full text available. BibTeX

@article{key:article,
	author = {Chanchala Joshi and Umesh Kumar Singh},
	title = {Article: Managing Security Risks and Vulnerabilities in Universitys IT Threats Landscape},
	journal = {IJCA Proceedings on National Conference on Contemporary Computing},
	year = {2017},
	volume = {NCCC 2016},
	number = {1},
	pages = {10-14},
	month = {April},
	note = {Full text available}
}

Abstract

The large and open networks of Universities are particularly vulnerable because they often have multiple overlapping public and private networks. The staff, faculty members or students with infected devices might connect with the Universities networks. Many labs also have devices into their networks that were never intended to be there, which opens up new avenues of attack. This paper analyzed the security threats evolve specifically in University's computing environment, and proposes risk management framework to guide security and risk executives through the process of network security management. The framework follows three phase activities: the first phase concentrates on the identification of the weak point in University's networks; the second phase quantitatively measures the security risk level of the University's networks; the third phase suggests plans for enhancing the security level of University's network environments. The proposed framework focuses on critical assets that are truly at risk.

References

  • Cisco Adaptive Threat Defense for Education Networks, whitepaper, Available : http://www. cisco. com/c/dam/en_us/solutions/industries/docs/higher_CampusSecure_defense_WP. pdf
  • C. Alberts, and A. Dorofee, "An Introduction to the OCTAVE Method. Software Engineering Institute", Carnegie Mellon University, USA, 2010.
  • C. Joshi and U. Singh, "A Review on Taxonomies of Attacks and Vulnerability in Computer and Network System". International Journal of Advanced Research in Computer Science and Software Engineering (IJRCSSE) Volume 5, Issue 1, January 2015, pp 742-747.
  • C. Joshi C. and U. Singh, "ADMIT- A Five Dimensional Approach towards Standardization of Network and Computer Attack Taxonomies". International Journal of Computer Application (IJCA, 0975 – 8887), Volume 100, Issue 5, August 2014, pp 30-36.
  • B. Dixon, "Understanding the FAIR Risk Assessment", Nebraska CERT Conference 2009.
  • Guide for Applying the Risk Management Framework to Federal Information Systems, U. S. Department of Commerce, February 2010.
  • Prioritizing Information Security Risks with Threat Agent Risk Assessment, whitepaper, February 2010.
  • C. Joshi and U. Singh, "Analysis of Vulnerability Scanners in Quest of Current Information Security Landscape" International Journal of Computer Application (IJCA, 0975 – 8887), Volume 145 No 2, July 2016, pp. 1-7.
  • C. Joshi, and U. K Singh, "Performance Evaluation of Web Application Security Scanners for More Effective Defense" International Journal of Scientific and Research Publications (IJSRP), Volume 6, Issue 6, June 2016, ISSN 2250-3153, pp 660-667.
  • CVSS v3. 0 specification document, Available: https://www. first. org/cvss/specification-document.
  • P. Mell, K. Scarfone, and S. Romanosky, "CVSS: A complete Guide to the Common Vulnerability Scoring System Version 2. 0", Forum of Incident Response and Security Teams (FIRST), 2007.
  • R. Marchany, "Higher Education: Open and Secure", A SANS Analyst Survey, June 2014.
  • Overview of Vulnerability Scanners, whitepaper, Available: http://www. infosec. gov. hk/english/technical/files/vulnerability. pdf.
  • U. K. Singh and C. Joshi, "A Framework for Security Risk Level Measures Using CVSS for Vulnerability Categories", accepted in ICCCNS 2016: 18th International Conference on Computer Communications and Networks Security.
  • U. K. Singh and C. Joshi, "Quantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit", The World Congress on Engineering and Computer Science (WCECS 2016) San Francisco, USA.
  • U. K. Singh, and C. Joshi, "Measurement of Security Dangers in University Network", International Journal of Computer Applications, Volume 155, Issue1, pp. 6-10, December 2016.