Research Article

Managing Security Risks and Vulnerabilities in University's IT Threats Landscape

Published on April 2017 by Chanchala Joshi, Umesh Kumar Singh
National Conference on Contemporary Computing
Foundation of Computer Science USA
NCCC2016 - Number 1
April 2017
Authors: Chanchala Joshi, Umesh Kumar Singh

Chanchala Joshi, Umesh Kumar Singh. Managing Security Risks and Vulnerabilities in University's IT Threats Landscape. National Conference on Contemporary Computing. NCCC2016, 1 (April 2017), 10-14.

@article{
author = { Chanchala Joshi, Umesh Kumar Singh },
title = { Managing Security Risks and Vulnerabilities in University's IT Threats Landscape },
journal = { National Conference on Contemporary Computing },
issue_date = { April 2017 },
volume = { NCCC2016 },
number = { 1 },
month = { April },
year = { 2017 },
issn = 0975-8887,
pages = { 10-14 },
numpages = 5,
url = { /proceedings/nccc2016/number1/27334-6309/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 National Conference on Contemporary Computing
%A Chanchala Joshi
%A Umesh Kumar Singh
%T Managing Security Risks and Vulnerabilities in University's IT Threats Landscape
%J National Conference on Contemporary Computing
%@ 0975-8887
%V NCCC2016
%N 1
%P 10-14
%D 2017
%I International Journal of Computer Applications
Abstract

The large and open networks of universities are particularly vulnerable because they often have multiple overlapping public and private networks. Staff, faculty members or students with infected devices might connect to the university's networks. Many labs also have devices on their networks that were never intended to be there, which opens up new avenues of attack. This paper analyzes the security threats that evolve specifically in a university's computing environment and proposes a risk management framework to guide security and risk executives through the process of network security management. The framework follows three phases of activity: the first phase concentrates on identifying the weak points in the university's networks; the second phase quantitatively measures the security risk level of the university's networks; the third phase suggests plans for enhancing the security level of the university's network environments. The proposed framework focuses on critical assets that are truly at risk.

Index Terms

Computer Science
Information Sciences

Keywords

CVSS, Security Risk, Security Threats, University Campus Network, Vulnerability