Aim Higher College is a fictitious institution located in the United States. The college offers undergraduate and graduate courses in domains, such as business management, information security, and nursing. Imagine that you have a new job at Aim Higher College as an information security analyst. Throughout this course, you will analyze the threats and vulnerabilities of Aim Higher College and recommend controls to secure the college’s information systems.
It is your first day at the job in the information security department, and you are called for a meeting. In the meeting the need for strengthening the information security for the college is discussed, and everyone agrees that the first step in this direction is to identify the top five threats that are a potential risk to Aim Higher College.
The college’s administrative staff and faculty run the latest version of Microsoft Windows on their primary workstations, whereas students’ laptops may run Windows or macOS. The college’s web servers run on Linux; however, all other servers are Windows Server-based. Student, staff, and faculty mobile devices, such as tablets and smartphones, run on iOS or Android; all mobile devices can connect to the campus network.
You have been given the responsibility to determine the top five threats that Aim Higher College faces. You asked your supervisor for support in this task and he gave you the following resources that might be useful in your research and analysis:
Microsoft Security Advisories and Bulletins (https://docs.microsoft.com/en-us/security-updates/)
Common Vulnerabilities and Exposure (CVE) database search (http://cve.mitre.org/find/index.html)
Security organizations, such as Secunia (http://secunia.com/)
Your supervisor has also asked you to consider the following questions as you shortlist the threats:
What threats are new this year, and which have become more prevalent?
Why are these threats more common and why are they important?
What threats remain constant from year to year? Why?
What threats do you believe will become more critical in the next 12 months? Why?
What is the likelihood of an exploit affecting Aim Higher College, and which operating system(s) does it target?
With these considerations in mind, write a summary report of the top five threats to Aim Higher College. Briefly explain why you have selected them and what effect they might have on the institution or its students, employees, graduates, or other communities on campus.