Mastering information security through standard implementation

Authors

Keywords:

Cybersecurity, Data security keyword, ISO, Risk management, Standards

Abstract

This paper aims to enhance information security within an organization, considering the perennial concern for security in organizations utilizing ICT applications. Educational institutions also exhibit deficiencies in the domain of data security. The adoption of International Organization for Standardization (ISO) 27001-2013 served to pinpoint potential vulnerabilities and non-compliance with safety standards, aiming to minimize associated risks. Through this framework, an assessment of data security within public educational institutions in our country was conducted, focusing on a public university as a case study. Given the sensitive nature of this field, guidance is provided on identifying security-related issues based on ISO 27001 standards and on-ground situations. Surveys aligned with the required standards were employed to scan the prevailing situation. Data from surveys at a public academic institution were collected and analyzed using the SPSS application. The findings underscore instances where security protocols can prevent or mitigate abuses, consequently enhancing the overall level of data security. Emphasizing education as a pivotal recommendation, this study advocates for educating personnel who handle sensitive data, derived from the application of these standards. This paper accounts for potential risks that could expose organizational weaknesses and thoroughly elucidates the steps and procedures undertaken in this approach, substantiated by illustrated examples.

Published

2026-02-12

Issue

Section

Articles