Abstract:
The most important asset of an organization is information. In academic institutes information is very critical asset as compared to other assets where information is used in teaching, research, administration and management. Information can be of any type i.e. electronic or in hard form. In information security policy we define who will be responsible for what, depending upon the roles of the user and type of data to be used.
Unfortunately information security cannot be guaranteed 100% by any mean or method. Therefore, there is a need for standards to ensure best security practices; until and unless they are adopted an adequate level of security cannot be attained. These policies are followed by the students and the concerned employees. One who fails to comply with this policy is subjected to disciplinary measures or for employees failure to comply could result in termination.ISO 27001 is one such standard, whose basic objective is to provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS).
The purpose of this research work is to address a practical roadmap for information security policy in academic institutes. Survey, interviews and network analysis of the academic institutes of Pakistan was done to achieve the desired goals.
