Network Security Policy for Higher Education Institutions based on ISO Standards

Abstract

Computer network plays a very important role in any organizations or institutions. It becomes a necessary tool, useful for communications, and can be utilized in storing data in various forms and at various locations. However, it intrinsically at risk to breaches from both internal and external attacks, and because of that, there should be an appropriate implementation and management of the network and its security. The study aimed to assess the employed network security of the higher education institutions (HEIs) and check if they conform to the six parts of ISO 27033 international standards. Standardized ISO 27033 assessment questionnaire was the main tool in gathering the data and the respondents were the network security team members of the five (5) HEIs. Results showed that HEIs did not mostly conform to the ISO 27033 requirements. Hence, to have a better guide and implementation of the institutions network security, a network security management policy based on ISO 27033 must be in place.