A Design of Information Security Maturity Model for Universities Based on ISO 27001

Abstract

Information infrastructure is one of the most critical assets in organizations. With continued and rapid advancement in technology especially brought by the need for employees to use their personal devices, it presents a major opportunity and challenge for enterprises, it poses a challenge as adversaries have taken advantage of widening cyber space to attack information and information systems. Our study provides a solution by designing a prototype of a web-based implementation prototype of an information security maturity model for universities. The research was based on ISO 27001 by involving specific clauses relevant to universities because of its unique organizational ecocentric nature having varied categories of user’s and extensive research allowing it to serve as a plausible area for study compared to other organizations. The cumulative factors having being considered statistically varied towards contribution towards the maturity model. The model is then implemented using a web-based prototype. The study adopted design research approach to come with the model design.