Building a Maturity Model of Information Security Governance for Technological Colleges and Universities in Taiwan

Abstract

This study used a questionnaire survey to investigate the maturity of information security governance (ISG). The main objective is to assess the maturity of ISG, exploring the factors concerned, and building an ISG maturity model . Questionnaires were sent to 93 CIOs in schools, and 85 were returned. The return ratio is 91.4% excluding three invalid, and with 82 effective questionnaires, the effective sample return rate is 88.2%. In order to improve the maturity of ISG for Taiwanese technological colleges and universities, this study aims to build an ISG maturity model to look for relevant features of maturity of ISG. According to the Information Security Governance and Maturity Assessment Tool, this study found that schools with low rates of maturity take up 59.8%, medium 31.7%, and high 8.5%. With discriminant analysis, the maturity of ISG can be distinguished by low, medium, and high rates. With correlation analysis, this study finds that 33 items have significant correlation with ISG maturity. With analysis of variance (ANOVA), post hoc range test and ANOVA multiple comparison least significant difference (LSD), this study finds that there are significant differences between the items of ISG maturity. This study also finds the ISG maturity of schools is lower. They can improve their ISG maturity according to this model.