TY - GEN
T1 - Information security management for higher education institutions
AU - Cheung, Simon K.S.
N1 - Publisher Copyright: © Springer International Publishing Switzerland 2014.
PY - 2014
Y1 - 2014
N2 - Information security aims at protecting the information assets of an organization from any unauthorized access, disclosure and destruction. For information security to be effectively enforced, good management practices comprising policies and controls should be established. This paper investigates the information security management for higher education institutions. Based on the conventional CIA (confidentiality, integrity and availability) triad of information, eight control areas on information security are identified. They include information asset controls, personnel controls, physical controls, access controls, communication controls, operation controls, information system controls, and incident management and business continuity. A governance framework is important for establishing the policies and executing the controls of information security. It is necessary to maintain a right balance between the technical feasibility and the flexibility and efficiency in administration.
KW - Information security controls
KW - Information security management
KW - Information security policies
UR - http://www.scopus.com/inward/record.url?scp=84928954571&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-07776-5_2
DO - 10.1007/978-3-319-07776-5_2
M3 - Conference contribution
AN - SCOPUS:84928954571
T3 - Advances in Intelligent Systems and Computing
SP - 11
EP - 19
BT - Intelligent Data Analysis and Its Applications - the 1st Euro-China Conference on Intelligent Data Analysis and Applications, Proceeding
A2 - Snasel, Vaclav
A2 - Abraham, Ajith
A2 - Corchado, Emilio S.
A2 - Wang, Shyue-Liang
A2 - Pan, Jeng-Shyang
T2 - 1st Euro-China Conference on Intelligent Data Analysis and Applications, ECC 2014
Y2 - 13 June 2014 through 15 June 2014
ER -