Information Security Management for Higher Education Institutions

  • Simon K. S. Cheung
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 297)


Information security aims at protecting an organization's information assets from unauthorized access, disclosure, modification and destruction. For information security to be enforced effectively, sound management practices comprising policies and controls must be established. This paper investigates information security management for higher education institutions. Based on the conventional CIA triad (confidentiality, integrity and availability), eight control areas for information security are identified: information asset controls, personnel controls, physical controls, access controls, communication controls, operation controls, information system controls, and incident management and business continuity. A governance framework is important for establishing the policies and executing the controls. The framework needs to strike a balance between what is technically feasible and what remains flexible and efficient to administer.


Keywords: information security management, information security policies, information security controls





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

The Open University of Hong Kong, Homantin, Kowloon, Hong Kong
