Towards an Information Security Maturity Model for Universities Based On ISO 27001

Abstract

Information infrastructure is one of the most important assets in universities. With rapid advancement in technology, it poses a challenge as adversaries have come up to attack information and information systems. Most of the Information security attacks are normally targeted to organizations unaware coupled with the fact that most of the higher educational institutions are not aware of their information security posture. Therefore measuring the level of security of an organization would be vital in preparedness towards information security. In this paperthe study proposes a framework for assessing university information security maturity status. The said framework will take into consideration ISO 27001 by involving specific clauses relevant to universities. The cumulative factors contributed from risk domains can then be used for computation of information maturity.