International Journal of Computer Applications (0975 – 8887) Volume 155 – No 1, December 2016 6 Measurement of Security Dangers in University Network Umesh Kumar Singh Institute of Computer Science Vikram University Ujjain, M.P. India Chanchala Joshi Institute of Computer Science Vikram University, Ujjain, M.P. India Neha Gaud Institute of Computer Science Vikram University, Ujjain, M.P. India ABSTRACT Today’s universities are on the forefront of technological advancement which makes University’s computing environment particularly vulnerable because in contrast to hacking targets like banks and others, college and university computing environments are often large open networks. This paper assessed the security threats evolve specifically in University’s information technology environment; and proposes risk management framework for University computing environment, to guide security and risk executives through the process of network security management. The proposed model lower the risk of security breach by supporting three phase activities; the first phase identified the threats and vulnerabilities in order to know the weak point in educational environment, the second phase focuses on the highest risk which means it prioritize what matters most and create actionable remediation plan, the third phase of risk assessment model recognizes the vulnerability management compliance requirement in order to improve organization’s security position. The proposed framework can be applied to any higher educational organization or University’s IT environments; it enables Universities to stay a step ahead of security threats and also to get more value from their security budget, by focusing on critical assets that are truly at risk Keywords CVSS; security risk; security threats; university campus network; vulnerability 1. INTRODUCTION With increasing development of Information Technology, computing and network applications have become an integral part of universities environment. Today’s universities are on the forefront of technological advancement. The greater access to technology results in valuable learning environment, on the other hand can also results vulnerable computing environment with more security threats. University campuses are proving themselves to be some of the most technologically advanced places in the world by providing facilities like extensive Wi-Fi support, online learning using lecture capture software, digital library, classroom virtualization, web conferencing etc. All these advancement makes University’s computing environment particularly vulnerable because in contrast to hacking targets like banks, college and university computing environments are often large open networks. Protecting open large university campus against constantly evolving threats and vulnerabilities presents major challenges. On the other hand, the open computing university environment also supports diverse users; mainly the three distinct types of users of university are students, faculty and administration. Each of the user accesses university computing environment with varying level of university resources. Therefore, University campus network must not only provide the secure access to users but also defend them from vulnerabilities and security breaches. In the large University campus network there is need of improving risk posture and security effectiveness. It requires identification of operationally critical threats, assessment of vulnerabilities for measurement of risk level by continuous network monitoring of University campus network. This paper proposes Quantitative Information Security Risk Assessment Model designed specifically for University computing environment, with the consideration of security dangers presents in large open campus network of University. The proposed model quantitatively measures the security risks by identifying potential threats and information processes within Universities network configuration. This model can be used by risk analyst and security manager of University to perform reliable and repeatable risk analysis in realistic and affordable manner. 2. SECURITY DANGERS IN UNIVERSITY NETWORK An open and diverse environment is a standard requirement in higher education. University computing environment is setup by academics for academics, not aware of security challenges and dangers. Therefore under most circumstances, universities computing environment are strapped for resources to manage the equilibrium between openness and security against malware and sensitive data exfiltration. Some major issues while managing University campus security are:  Open Campus: An infection originating in just a single computer can propagate a worm or virus through the entire campus network within minutes [1]. E.g., the “Slammer” worm was able to infect 90 percent of vulnerable hosts in most networks within 10 minutes. If such attacks do not destroy or steal data, they often cause storms of excess traffic and seriously impair an institution’s ability to function, resulting in downtime and lost classroom time. In addition, IT administrators in education are challenged to provide robust protection of critical IP applications, while preserving an inherently open network demanded in a college or university environment.  Large Network Environment: Universities have large campus span ranging from few kilometer to acres, securing such a huge network is challenging task. Along with the large network environment constantly changing technologies increases the data protection pressures.  Diverse Users: Universities mainly have three distinct types of users of university are students, faculty and administration. Each of the user accesses university computing environment with varying level of university resources. The unique ways students, professors and administrators use the Internet that jeopardizes Universities networks.