Abstract:
Information security consists of technical views for securing the Information like
security protocols, cryptographic tools, firewalls, intrusion detection and protection
systems as well as information security management methods and tools like controls
and policies at organizations, risk management policies and incident management etc.
Managing information security is more critical. In recent years, advances in
information security management (ISM) are rapid at organizational level. A gap exists
in what is being taught in educational institutes and being practiced in industry in ISM.
There are very limited evidences and studies on how to design and teach ISM in
educational institutes. It is also not clear that which factors are necessary for ISM
curricula designing and whether all factors are equally important or which factors are
not that important.
This research examines the gaps in teachings and industry practices of ISM in Pakistan.
Gap analysis was done on the current information security Management course outline
of SEECS- NUST Islamabad, Pakistan. To analyze this gap and to examine the topic
selection for the curricula being taught, a survey has been conducted from information
security Management personnel from different organizations of Pakistan
