Information Security Compliance Framework For K-12 Schools in Australia

Abstract

Data protection or information security is one of the main pillars in any business and the continuity of a business depends on data and privacy. The education sector is one of the most important industries that deals with large amounts of data. Minors' data is thought to be more reliable because it is more critical and significant. Overall purpose of this research is to develop a specific and a well-structured framework to protect minor’s data in K-12 schools in Australia. This framework is a less complex and an easy to implement framework that can be implemented at K-12 schools in Australia to defend against cyber-attacks. Major gaps that were identified in this research were the lack of information security frameworks for the education domain, lack of cyber security knowledge in general IT staff and the discontinuation of frameworks due to the overhead. This proposed framework consists of three major areas that will minimize the threats that a K-12 school will face. Maintaining a secure infrastructure, secure information governance and user awareness along with a maturity assessment model are the three main areas that are covered in this research. This framework contains a structured guideline which includes an implementation guideline for each security control. This framework will also assist the users to assess the maturity level once the framework is implemented. The proposed framework will make K-12 schools more resilient to cyber-attacks and information will be managed in a more structured approach. The prosed framework is less complex and less technical, compared to other industry leading cyber security frameworks. This is more focused towards data protection and managing minor’s data securely. As a future enhancement to this study, it can also be developed furthermore to cater other industries in other regions."