Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Annals of Telecommunications
Erschienen in: Annals of Telecommunications 3-4/2021

25.07.2020

Information security management frameworks and strategies in higher education institutions: a systematic review

verfasst von: Jorge Merchan-Lima, Fabian Astudillo-Salinas, Luis Tello-Oquendo, Franklin Sanchez, Gabriel Lopez-Fonseca, Dorys Quiroz

Erschienen in: Annals of Telecommunications | Ausgabe 3-4/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Effective information security management (ISM) practices to protect the information assets of organizations from security intrusions and attacks is imperative. In that sense, a systematic literature review of academic articles focused on ISM in higher education institutions (HEIs) is conducted. For this purpose, an empirical study was performed. Studies carried out from 2012 onward reporting results from HEIs data that perform the ISM through various means, such as a set of framework functions, implementation phases, infrastructure services, and securities to their assets, have been explored. The articles found were then analyzed following a methodological procedure consisting of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. A set of competencies, resources, directives, and strategies that contribute to designing and to developing an ISM framework (ISMF) for HEIs is identified based on standards such as ISO 27000, COBIT, ITIL, NIST, and EDUCAUSE. This study introduces a strategic reference that guides HEIs on the development of an ISMF and provides recommendations that should be considered for its implementation in an era of ever-evolving security threats.
Vorheriger Artikel Understanding cyberbullying as an information security attack—life cycle modeling

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Literatur
1.
2.
3.
González-Martínez J, Bote-Lorenzo ML, Gómez-Sánchez E, Cano-Parra R (2015) Cloud computing and education: a state-of-the-art survey. Comput Educ 80:132–151CrossRef
4.
Carlton M P, Wyrick P, Frederique N, Lopez B (2017) States’ roles in keeping schools safe: opportunities and challenges for state school safety centers and other actors. National Institute of Justice Report. National Institute of Justice
5.
Dahlstrom E, Bichsel J (2014) Ecar study of undergraduate students and information technology. In: Educause, 2014
6.
Ponemon L (2017) Cost of data breach study. Ponemon Institute
7.
Smyth G (2017) Using data virtualisation to detect an insider breach. Comput Fraud Secur 2017 (8):5–7CrossRef
8.
McRobbie MA, Wheeler B (2010) Three insights for presidents and cios. EDUCAUSE Rev 45(3):8–9
9.
Eloff J H P, Eloff M M (2005) Information security architecture. Comput Fraud Secur 2005 (11):10–16CrossRef
10.
Disterer G (2013) ISO/IEC 27000, 27001 and 27002 for information security management. J Inf Secur
11.
Khther R A, Othman M (2013) Cobit framework as a guideline of effective it governance in higher education: a review. Int J Inf Technol Converg Serv 3(1):21
12.
Office of Government Commerce Großbritannien (2007) The official introduction to the ITIL service lifecycle TSO,(The Stationary Office)
13.
14.
Newhouse W, Keith S, Scribner B, Witte G (2017) National Initiative for Cybersecurity Education (NICE) cybersecurity workforce framework. NIST Special Publ 800:181
15.
Kitchenham B (2004) Procedures for performing systematic reviews. Keele, UK, Keele University 33(2004):1–26
16.
Grajek S (2018) Top 10 it issues, 2018: the remaking of higher education. In: EDUCAUSE review, 2018. EDUCAUSE, pp 55–62
17.
Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci IJECSIJENS 11(5):23–29
18.
Hentea M, Dhillon HS, Dhillon M (2006) Towards changes in information security education. J Inf Technol Educ: Res 5(1):221–233
19.
Asosheh A, Hajinazari P, Khodkari H (2013) A practical implementation of isms. In: 7th international conference on e-commerce in developing countries: with focus on e-security. IEEE, pp 1–17
20.
Suwito MH, Matsumoto S, Kawamoto J, Gollmann D, Sakurai K (2016) An analysis of it assessment security maturity in higher education institution. In: Information science and applications (ICISA) 2016. Springer, pp 701–713
21.
Mumtaz N (2015) Analysis of information security through asset management in academic institutes of Pakistan. In: International conference on information and communication technologies (ICICT). IEEE, p 2015
22.
Joshi C, Singh UK (2017) Information security risks management framework—a step towards mitigating security risks in university network. J Inf Secur Appl 35:128–137
23.
Suroso JS, Fakhrozi MA (2018) Assessment of information system risk management with octave allegro at education institution. Procedia Comput Sci 135:202–213CrossRef
24.
Yustanti W, Qoiriah A, Bisma R, Prihanto A (2018) An analysis of indonesia’s information security index: a case study in a public university. In: IOP conference series: materials science and engineering, vol 296. IOP Publishing, p 012038
25.
Bianchi IS, Sousa RD, Pereira R (2017) It governance mechanisms at universities: an exploratory study. In: Strategic and competitive use of information technology (SCUIT)
26.
Valencia-Duque FJ, Orozco-Alzate M (2017) Metodología para la implementación de un Sistema de Gestión de Seguridad de la Información basado en la familia de normas ISO/IEC 27000. In: RISTI - Revista Ibérica de Sistemas e Tecnologias de Informação, pp 73–88, 06
27.
Sarwar A, Khan MN (2013) A review of trust aspects in cloud computing security. Int J Cloud Comput Serv Sci 2(2):116
28.
Popović K, Hocenski ž (2010) Cloud computing security issues and challenges. In: The 33rd international convention MIPRO. IEEE, pp 344–349
29.
Younis YA, Kifayat K (2013) Secure cloud computing for critical infrastructure: a survey. Liverpool John Moores University, United Kingdom, Tech. Rep.
30.
Zhang X, Wuwong N, Li H, Zhang X (2010) Information security risk management framework for the cloud computing environments. In: 2010 10th IEEE international conference on computer and information technology. IEEE, pp 1328–1334
31.
Peltier TR (2016) Information security policies, procedures, and standards: guidelines for effective information security management. Auerbach Publications
32.
Jerman-Blažič B et al (2012) Quantitative model for economic analyses of information security investment in an enterprise information system. Organizacija 45(6):276–288
33.
Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, Leaf D (2011) Nist cloud computing reference architecture. NIST Spec Publ 500(2011):1–28
34.
Soomro ZA, Shah MH, Ahmed J (2016) Information security management needs more holistic approach: a literature review. Int J Inf Manag 36(2):215–225CrossRef
35.
Rezgui Y, Marks A (2012) Information security awareness in higher education: an exploratory study. Comput Secur 27(7–8):241–253
36.
Chen S, Tang Y, Li Z (2016) Unita: a reference model of university it architecture. In: Proceedings of the 2016 international conference on communication and information systems. ACM, pp 73–77
37.
Sharbaf MS (2014) A new perspective to information security: total quality information security management. In: Proceedings of the 7th international conference on security of information and networks. ACM, p 56
38.
Gunawan I, Noertjahyana A, Rusli H (2014) Security risk management at the computer center of X university. ARPN J Eng Appl Sci 9:2906–2911
39.
Gunawan I, Noertjahyana A, Rusli H, Zavareh AA, Abdullah R, Fadilah SI, Shibghatullah AS, Abas ZA, Wahab MHA, Nur W, Hashim W et al (2014) Analysis and implementation of operational security management on computer center at the university X. Journal
40.
Rehman H, Masood A, Cheema AR (2013) Information security management in academic institutes of Pakistan. In: 2013 2nd National conference on information assurance (NCIA). IEEE, pp 47–51
41.
Ismail WBW, Widyarto S, Ahmad RATR, Ghani KA (2017) A generic framework for information security policy development. In: 2017 4th International conference on electrical engineering, computer science and informatics (EECSI). IEEE, pp 1–6
42.
Jufri MT, Hendayun M, Suharto T (2017) Risk-assessment based academic information system security policy using octave allegro and iso 27002. In: Second international conference on informatics and computing (ICIC), p 2017
43.
Bianchi IS, Sousa RD (2016) It governance mechanisms in higher education. Procedia Comput Sci 100:941–946CrossRef
44.
Gultom R, Midhio W, Silitonga T, Pudjiatmoko S (2018) Introducing the six-ware cyber security framework concept to enhancing cyber security environment. In: ICCWS 2018 13th international conference on cyber warfare and security. Academic conferences and publishing limited, p 262
45.
Mohamad FS, Albahaloul HA (2018) Assessing security of cloud services in Malaysian universities a review. In: Proceedings of the international conference on E-business and mobile commerce. ACM, p 2018
46.
Nugroho LE, Santosa PI, Ferdiana R et al (2017) Recommendation of cloud computing use for the academic data storage in university in Lampung province, Indonesia. In: 2017 7th International annual engineering seminar (InAES). IEEE, pp 1–5
47.
Rajab M, Eydgahi A (2019) Evaluating the explanatory power of theoretical frameworks on intention to comply with information security policies in higher education. Comput Secur 80:211– 223CrossRef
48.
Sanchez-Puchol F, Pastor-Collado JA, Borrell B (2017) Towards an unified information systems reference model for higher education institutions. Procedia Comput Sci 121:542–553CrossRef
49.
Joshi C, Singh UK (2016) Quantitative information security risk assessment model for university computing environment. In: 2016 International conference on information technology (ICIT). IEEE, pp 69–74
50.
Zhang H, Li HB, Liu HJ (2013) Design and implementation of management information system based on ssh architecture for departments of colleges and universities. In: Advanced materials research, vol 756. Trans Tech Publ, pp 1933–1937
51.
Cheung SKS (2014) Information security management for higher education institutions. In: Intelligent data analysis and its applications, vol I. Springer, pp 11–19
52.
Reddy N, Singh P, Petkov D (2013) Perceptions and expectations of it service delivery post migration to a microsoft platform at a university of technology in South Africa. In: Proceedings of the South African Institute for computer scientists and information technologists conference. ACM, pp 85–89
53.
Wada T, Fuse I, Okabe S, Tatsumi T, Ueda H, Uehara T, Nakanishi M, Tagawa T, Murata I (2017) Producing video clips for information ethics and security in higher education. In: Proceedings of the 2017 ACM annual conference on SIGUCCS. ACM, pp 129–131
54.
Pereira C, Ferreira C, Amaral L (2018) An it value management capability model for Portuguese universities: a delphi study. Procedia Comput Sci 138:612–620CrossRef
55.
Ngoqo B, Flowerday SV (2015) Information security behaviour profiling framework (isbpf) for student mobile phone users. Comput Secur 53:132–142CrossRef
56.
Harrell CR, Patton M, Chen H, Samtani S (2018) Vulnerability assessment, remediation, and automated reporting: case studies of higher education institutions. In: 2018 IEEE international conference on intelligence and security informatics (ISI). IEEE, pp 148–153
57.
CM Kang, PSJ Ng, K Issa (2015) A study on integrating penetration testing into the information security framework for malaysian higher education institutions. In: 2015 international symposium on mathematical sciences and computing research (iSMSC). IEEE, pp 156–161
58.
Yamanoue T, Furuya T, Shimozono K, Masuya M, Oda K, Mori K (2013) Enhancing information security of a university using computer ethics video clips, managed security service and an information security management system. In: Proceedings of the 41st annual ACM SIGUCCS conference on User services. ACM, pp 101–104
59.
Xie JH, Xiao JH (2014) Constructing an university scientific research management information system of net platform. In: Applied mechanics and materials, vol 441. Trans Tech Publ, pp 984–988
60.
Feng H, Wei W, Kong Z, Yang S (2017) Research on information security evaluation model of public institution. In: International symposium on intelligent signal processing and communication systems (ISPACS), p 2017
61.
Shava FB, Van Greunen D (2013) Factors affecting user experience with security features: a case study of an academic institution in Namibia. In: 2013 Information security for South Africa. IEEE, pp 1–8
62.
Siponen MT (2000) A conceptual foundation for organizational information security awareness. Inf Manag Comput Secur 8(1):31–41CrossRef
63.
Ashenden D (2008) Information security management: a human challenge? Inf Secur Techn Rep 13(4):195–201CrossRef
Metadaten
Titel
Information security management frameworks and strategies in higher education institutions: a systematic review
verfasst von
Jorge Merchan-Lima
Fabian Astudillo-Salinas
Luis Tello-Oquendo
Franklin Sanchez
Gabriel Lopez-Fonseca
Dorys Quiroz
Publikationsdatum
25.07.2020
Verlag
Springer International Publishing
Erschienen in
Annals of Telecommunications / Ausgabe 3-4/2021
Print ISSN: 0003-4347
Elektronische ISSN: 1958-9395
DOI
https://doi.org/10.1007/s12243-020-00783-2

Weitere Artikel der Ausgabe 3-4/2021

Annals of Telecommunications 3-4/2021 Zur Ausgabe

OriginalPaper

Understanding cyberbullying as an information security attack—life cycle modeling

OriginalPaper

Transparency of SIM profiles for the consumer remote SIM provisioning protocol

OriginalPaper

A decision tree for building IT applications

OriginalPaper

Mobile money traceability and federation using blockchain services

OriginalPaper

Novel user authentication method based on body composition analysis

OriginalPaper

Survey on physical layer security for 5G wireless networks

Neuer Inhalt

    Bildnachweise