Information security management frameworks and strategies in higher education institutions: a systematic review

Author(s): Jorge Merchan-Lima, Fabian Astudillo-Salinas, Luis Tello-Oquendo, Franklin Sanchez, Gabriel Lopez-Fonseca, ...  
2020, Vol 9 (2), pp. 429  
Author(s): IGN Mantra, Aedah Abd. Rahman, Hoga Saragih

Implementing an Information Security Management System (ISMS) in an institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. Several information security incidents have occurred in the implementation of Academic System applications in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The research sample consisted of 35 universities. Compliance with the ISO 27001:2013 standard is used as the reference for determining the maturity level of information system security practices, and the SSE-CMM model is used to measure and calculate that maturity level. The Information System Security Index obtained from the analysis can be used as a tool to measure the maturity of the information security that has been applied. Six key areas are examined in this study: the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed that information security maturity at the 35 universities was at level 2 (Managed Process) and level 3 (Established Process): 40% of the universities are at level 3, and 60% are not at level 3. The gap between the current maturity level and the expected maturity level varies for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and Environmental Security. The biggest gap (4 levels) is in clause A14: System Acquisition, Development and Maintenance and clause A18: Compliance.

