Information Security Management for Higher Education Institutions

Information security aims to protect an organization's information assets from unauthorized access, disclosure and destruction. For information security to be enforced effectively, sound management practices comprising policies and controls must be established. This paper investigates information security management for higher education institutions. Based on the conventional CIA (confidentiality, integrity and availability) triad, eight information security control areas are identified: information asset controls, personnel controls, physical controls, access controls, communication controls, operation controls, information system controls, and incident management and business continuity. A governance framework is important for establishing the policies and executing the controls of information security. It is necessary to maintain the right balance between technical feasibility on the one hand and administrative flexibility and efficiency on the other.
