Authors: Maureen Olive M. Billones and Sherwin E. Ona
Educational institutions have not been exempted from occurrences of security breaches in its information systems (IS). Data from Educational Security Incidents (ESI) showed that educational institutions post the second highest in the number of security breaches from 2006 to 2008. And these incidents did not stop on coming. Therefore, it is essential that educational institutions pay much attention in securing its ISs by implementing controls through IS audit. However, guidelines on IS auditing were most applicable only to industries especially financial institutions. There’s a lot difference between the setup in industries and educational institutions that makes it hard to implement security programs. And so this study, presents an information security audit process model that is applicable to educational institutions considering the vulnerabilities in its norms and characteristics.
Keywords: information security; process model; audit process model; educationa linstitutions; ifnormation system audit