TY - JOUR
T1 - Information security management frameworks and strategies in higher education institutions
T2 - a systematic review
AU - Merchan-Lima, Jorge
AU - Astudillo-Salinas, Fabian
AU - Tello-Oquendo, Luis
AU - Sanchez, Franklin
AU - Lopez-Fonseca, Gabriel
AU - Quiroz, Dorys
N1 - Publisher Copyright:
© 2020, Institut Mines-Télécom and Springer Nature Switzerland AG.
PY - 2021/4
Y1 - 2021/4
AB - Effective information security management (ISM) practices to protect the information assets of organizations from security intrusions and attacks are imperative. In that sense, a systematic literature review of academic articles focused on ISM in higher education institutions (HEIs) is conducted. For this purpose, an empirical study was performed. Studies carried out from 2012 onward reporting results from HEIs data that perform the ISM through various means, such as a set of framework functions, implementation phases, infrastructure services, and securities to their assets, have been explored. The articles found were then analyzed following a methodological procedure consisting of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. A set of competencies, resources, directives, and strategies that contribute to designing and to developing an ISM framework (ISMF) for HEIs is identified based on standards such as ISO 27000, COBIT, ITIL, NIST, and EDUCAUSE. This study introduces a strategic reference that guides HEIs on the development of an ISMF and provides recommendations that should be considered for its implementation in an era of ever-evolving security threats.
KW - Framework
KW - Higher education institution
KW - Information security
KW - ISMF
UR - https://www.scopus.com/pages/publications/85088596935
U2 - 10.1007/s12243-020-00783-2
DO - 10.1007/s12243-020-00783-2
M3 - Article
AN - SCOPUS:85088596935
SN - 0003-4347
VL - 76
SP - 255
EP - 270
JO - Annales des Telecommunications/Annals of Telecommunications
JF - Annales des Telecommunications/Annals of Telecommunications
IS - 3-4
ER -