Abstract

Academic institutions are among the most targeted information systems in the world. Their highly decentralized infrastructure makes it difficult to ensure reliable security measures across their networks. Moreover, academic institutes have different departments, with diverse users (faculty, staff, students, and researchers), with abundant public and private data residing on servers and end systems. The probability and impact of threats and damage to the confidentiality, integrity and availability have never been higher. Although the educational institutes are now aware that the security of their information assets (included IT infrastructure, records, research data, faculty and students) is their highest priority in terms of risk, business continuity and reputation, very little research/work has been carried out in this field. This paper provides a general framework to implement the Information Security Management System (ISMS) in academic institutes and suggests some best practices to adopt or implement in order to make the system and network secure to some extent.