It is well known that technology utilization is not restricted for one sector than the other anymore, Educational organizations share many parts of their information systems with commercial organizations. In this paper we will try to identify the main characteristics of information systems in educational organizations, then we will propose a model of two parts to enhance the information systems security, the first part of the model will handle the policy and laws of the information system, the second part will provide a technical approach on how to audit and subsequently maintain the security of information system.
According to Encyclopedia Britannica; a university is an institution of higher education and research, which grants academic degrees in a variety of subjects. A university is a corporation that provides both undergraduate education and postgraduate education. The word university is derived from the Latin universitas magistrorum et scholarium, roughly meaning "community of teachers and scholars." With the higher competitive environment around the world, educational organizations are not saving any effort to provide the best educational experience. This effort includes employment of latest technologies available; from the entrance of computers mid 20 th century up to the outsourcing of complex Enterprise Resource Planning systems and usage of cloud computing. This usage along side with the expanded branches of educational organizations have presented new challenges, the virtual private networks, wide area networks and usage of web interfaces all together made the educational organizations target as same as any other organization on the cyber space.
According to WhiteHat website security statistics report 2011 ‘‘Most websites were exposed to at least one serious vulnerability every day of 2010, or nearly so (9-12 months of the year). Only 16% of websites were vulnerable less than 30 days of the year overall." And “71% of Education, 58% of Social Networking, and 51% of Retail websites were exposed to a serious vulnerability every day of 2010”. In this paper we will tackle the issue of Information Systems safety in educational organization, considering King Abdulaziz University as a case study and propose a two tier model for enhancing the security of information system in educational organizations..
‘‘Information system security relates to the adequacy of management controls to prevent, avoid, detect and recover from whole range of threats that could cause damage or disruption to computer systems.’’ (Pattinson, 2008), the process of information security cannot provide a complete prevention, avoidance, detection and recovery from the threats over it (Singh, 2008). And any self aware Information Systems Management realize that; but the fact that any action of information security management can help to reduce these factors gives that motive to embrace all strategies, models and techniques to achieve that. We can identify the main process of the information system security in the following diagram based on the previous definition:
“A university information system has to provide information about research and scientific cooperation offers, education and further education capabilities.” (Kudrass, 2006). Information systems in universities can be considered more complex than the usual information systems used in commercial organization. But still it must pay the same attention to its customers (students and members) (Luo and Warkentin, 2004).
The complexity In the King Abdulaziz University information system is relative to The Land Grant University System (Chae and Poole, 2009) and comprised of the following main components:
A-The Students Systems that include 1-On Demand University Services (ODUS) 2-Electronic Report System (ERS) 3-Virtual Classes System (CENTRA) 4-Electronic Management of Education System (EMES) B-The Academic Systems that include 1-On Demand University Services (ODUS) 2-Academic Affairs System (SMART) 3-Academic Services for Higher Education 4-Anjez system for human resources, financial management and memo’s. 5-Performance Management System (PMS) 6-Evaluation System C-Management Systems that include: 1-Anjez system 2-Employment system 3-Decisions and memos system.
The above systems can be viewed by each member (Student, Academic or Employee) depending on his unique number and password. Those information systems are supported by the infrastructure used in the university to provide connectivity amongst campuses in the kingdom and provide internet services for the users.
The In real situation it hard to answer these questions, according to (Janczewski, 2009) the reasons behind that are:
• The cost and duration to collect such probabilities may be so huge that job will not be acceptable to management. • Attacks never happened, but they may happen in the future, so there is no reliable loss of information.
Another factor that raises the risk is the nature of educational organizations, since university standings could suffer greatly from any sort of data manipulation or exposure.
We can provide theoretical risk assessment depending on the nature of the system; the system in the university depends mainly on unique user names and password and on data acquisition upon transfer, especially among long distance branches. Further investigation to risk analysis requires elaborate software applications which are not our purpose for this paper.
In this section we will tackle the main issue of our paper.
Although methodologies are yet till now still not completely mature (Torres, 2009) and some models
This content is AI-processed based on open access ArXiv data.
