Regresar

Towards the Information Security Governance for Institutions of Higher Education: Harmonization of Standards

Abstract:

Institutions of Higher Education have been continually threatened by the lack of direction and control from the perspective of information security in the context of information technology governance. The ISO/IEC 27014:2013 standard represents an opportunity to govern information security; however, it suffers from a clear alignment that allows it to articulate its activities with the IT governance and provide visibility to the organizational government. This exploratory and document-level study has carried out a harmonization process between the ISO/IEC 27014:2013 and ISO/IEC 38500:2015 standards with the purpose of identifying overlapping problems and strongly related elements that contribute to a consistent model of information security governance at three levels: principles (responsibility, performance, strategy, risk analysis, compliance and human behavior), objectives and indicators. As a result, the components of the information security governance model have been defined as strongly related to information technology governance. This work contributes to the knowledge and collaboration of decision-makers in the strategic steering and information security control committees of Ecuador’s higher education institutions. Future work will focus in the relation of substantives components of law of higher education, the factorial analysis of components of the model with the participation of actors from the institutions, in order to consolidate it towards what the institutions cannot do without.