Abstract:
Academic institutions are among the most targeted information systems in the world.
Their networks present a unique challenge in terms of information security: a highly
decentralized infrastructure makes it difficult to ensure reliable security measures across the
network. Moreover, academic institutes and universities comprise many departments with diverse
users (faculty, staff, students, and researchers) and abundant public and private data residing on
servers and end systems, so the probability and impact of threats to the confidentiality,
integrity and availability of that data have never been higher. Although educational institutes are
now aware that the security of their information assets (including IT infrastructure, records,
research data, faculty and students) is their highest priority in terms of risk, business continuity
and reputation, very little research has been carried out in this field. This research work provides
a general framework for carrying out a risk assessment within the scope of an ISMS and suggests
some of the best security measures for implementing an Information Security Management System
(ISMS) in academic institutes of Pakistan. The ISMS standard ISO 27001 is selected to guide the
selection of appropriate security controls to protect information assets; other institutes remain
free to choose any other standard, method, or combination of controls and best practices according
to their requirements.