A Review of Cybersecurity Management Standards Applied in Higher Education Institutions

Abstract

The pervasive integration of information systems and computer networks in organizational infrastructure has significantly heightened the susceptibility to cyber threats. Despite the implementation of advanced security measures, the prevalence of unauthorized access and system breaches continues to escalate. These vulnerabilities expose information systems to risks such as data theft, destruction from natural disasters, and malware attacks, which pose a considerable threat to the integrity of user data and system security. Unintentional factors, including human errors and natural calamities, further compound these risks. In academia, where the protection of sensitive information is of utmost importance, the need for robust cybersecurity measures is particularly acute. In response to these challenges, international bodies have established standards and frameworks to govern and strengthen information security protocols. This study conducts a rigorous assessment of the ISO/IEC 27001 and NIST Cybersecurity Framework (CSF) standards, which are extensively implemented by Higher Education Institutions (HEIs) to manage cybersecurity risks. Through an analytical approach, the research delineates the policies and guidelines specified in these standards. The aim is to discern the most effective strategies for reinforcing information security within HEIs, amidst the rapidly evolving landscape of information technology and the sophisticated tactics of cyber adversaries.