This chapter introduces information security within educational environments that use electronic resources. The education environment has experienced a paradigm shift over the last several years due to the rapid growth in technology. This growth has made it possible for the education environment to use electronic services to enhance education methods. It is, however, vital that all education environments (traditional or new ones) ensure that all resources (lecturers, students and data) are properly protected against any possible security threats. This chapter highlights the importance of securing information within the electronic environment by providing key aspects that must be addressed and implemented to ensure information security. The chapter also identifies four information security pillars that could assist top management in enhancing overall information security management.
Information Security: Policies And Procedures
We live in an era in which information is becoming increasingly valuable, and the organization with the best information on which to base management decisions will be the most likely to win and prosper (Finne, 2000). It is therefore essential to secure information properly against all possible information security threats (from inside as well as outside the organization). This section identifies some information security issues that should be taken into consideration when securing information in any environment.
Key Terms in this Chapter
Non-Denial: Ensures that no action taken that affects Information Security can be denied at a later stage (Von Solms & Eloff, 2004).
Information Security Awareness: Entails ensuring that all stakeholders in an organization understand their role and responsibility towards securing the information they work with.
Authorization: Involves determining whether or not the authenticated party has the right to access the information in question (Von Solms & Eloff, 2004).
Availability: Data and information are accessible at any time to authorized parties (International Federation of Accountants, 2000).
Information Security Management: Concerns maintaining Information Security in an organization (Pfleeger, 1997).
Information Security Policies: An Information Security policy is a set of documentation that contains Information Security rules and regulations (National Institute of Standards and Technology, 2000).
Integrity: Ensures that information is still in its original form and that no tampering or alteration has taken place.
Corporate Governance: A system or method by which companies are directed, controlled and managed (Cadbury Report, 1992; King Report, 2002).
Confidentiality: Ensures that information and data are not disclosed to any unauthorized person or entity (International Federation of Accountants, 2000).