Information Security Awareness Analysis of the Threat of Data Leakage in Educational Institutions with the ISO 27001 Framework

  • Demas Muhammad Rijal, Universitas Negeri Surabaya
  • Mukhamad Fahmi Assydiqi, Universitas Negeri Surabaya
  • Yoel Rensisko Prasetya, Universitas Negeri Surabaya
  • Lidya Nurhapsari Prasetya Ningsih, Universitas Negeri Surabaya
  • Nisya Kayla Putri Anindra, Universitas Negeri Surabaya
Keywords: Information security awareness, data protection, ISO 27001, VOS Viewer, Management System for an Educational

Abstract

In the rapidly evolving digital era, information security has become a major concern for various organizations, including educational institutions that are facing pressures such as "publish or perish" and performance metrics like VOS Viewer. Serious threats such as cyber-attacks and data breaches require more advanced security solutions. Implementing an Information Security Management System (ISMS) based on ISO 27001 standards is crucial in safeguarding information assets. This research discusses the importance of information security awareness, identifies threats to data protection, and applies ISO 27001 standards in the context of educational institutions. The research methodology employs the PRISMA guideline to evaluate related reviews and meta-analyses systematically. Together, information security awareness, data protection, and ISO 27001 compliance are the focus for building a robust information security system within educational institutions facing performance and assessment demands.

Published
2024-06-30
How to Cite
Muhammad Rijal, D., Assydiqi, M., Prasetya, Y., Prasetya Ningsih, L., & Putri Anindra, N. (2024). Information Security Awareness Analysis of the Threat of Data Leakage in Educational Institutions with the ISO 27001 Framework. Journal of Digital Business and Innovation Management, 3(1), 36-52. https://doi.org/10.26740/jdbim.v3i1.59167