On the issue of ensuring information Security requirements at the University

Objective. This publication addresses a pressing issue: ensuring information security (IS) requirements for the educational process at higher education institutions (HEIs) in the Russian Federation.

Method. It appears appropriate to consider IS compliance not as a separate process, but as an "integrated quality" of established management systems, such as a quality management system (QMS) compliant with ISO 9001 or a specialized management system for an educational organization (SMEO) compliant with ISO 21001.

Result. It has been demonstrated that IS compliance requires only a "targeted" management system compliant with ISO 27001. However, as the author's experience in auditing HEIs has shown, this is not the only optimal option. The novelty of this publication lies in its objective examples of how well-known standards (e.g., ISO 9001 or ISO 21001) can be applied with minimal costs and effective compliance with relevant requirements.

Conclusion. The implementation of the "built-in quality" principle in terms of information security assurance, which has been sufficiently confirmed during testing at universities, provides a practical basis for experts (consultants and auditors) in selecting and implementing a strategic direction in the field of conformity assessment. The obtained results can be applied by all stakeholders striving to ensure the required level of information security as part of the overall process of ensuring an effective QMS or ISMS for universities.

1. https://www.iso.org/standard/62085.html

2. https://www.iso.org/standard/66266.html

3. https://www.iso.org/standard/27001

4. https://www.kommersant.ru/doc/7480689?from=trends

5. https://www.securitylab.ru/news/537985.php

6. https://cyberresilience.com/threatintel/apt-group-kimsuky-targets-university-researchers/?utm_source=se%D1%81uritylabru

7. https://www.securitylab.ru/news/536418.php

8. https://www.securitylab.ru/news/536310.php

9. https://www.securitylab.ru/news/539183.php

10. https://www.kommersant.ru/doc/7381376?ysclid=m8po0siqqx875956208

11. https://www.iso.org/the-iso-survey.html

12. Livshits I.I. Ensuring the Security of Personal Data in Remote Learning. Energy Safety and Energy Saving. 2022;1:57-62. (In Russ)

13. Livshits I.I. Results of Applying the Risk Funnel in Full Distance Learning. Energy Safety and Energy Saving. 2021;2: 46-50. (In Russ)

14. Livshits I.I. Quality Management in Distance Learning: An Example of Practice at ITMO University. Quality Management. 2022;1: 68-77. (In Russ)

15. Livshits I.I. On Current Issues of Education in the Field of Information Security. Automation in Industry. 2019; 9:10-13. (In Russ)

16. Livshits I.I. Assessing the Need to Improve the Current Procedure for Training Qualified Personnel in the Field of Information Security. Gas Industry. 2024;9 (871):200-205. (In Russ)

17. Livshits I.I. Problems of Training Specialists in the Field of Information Security. Herald of the Dagestan State Technical University. Technical Sciences. 2024;51(1):123-131. (In Russ)

18. Livshits I.I., Neklyudov A.V. Methodology for Optimizing the Information Security Audit Program. In the collection: Comprehensive Information Protection. Proceedings of the XXII scientific and practical conference. 2017:135-139. (In Russ)

19. Livshits I.I., Neklyudov A.V. Methodology for Instant Information Security Audits. In the collection: Comprehensive Information Protection. Proceedings of the XXII scientific and practical conference. 2017: 139-142. (In Russ)

20. Livshits I.I. Methodology for technical security audit of own Service Desk. Standards and quality. 2024;6:. 102-107. (In Russ)