Information Security in Universities Risk Management and Internal Audit
摘要
The digital transition brings new challenges to public administration. In the case of public higher education, henceforth referred to as universities, there is a responsibility in academic terms to transmit up-to-date knowledge in teaching and learning processes, but its internal services must ensure that the information produced and held is secure. The purpose of this study is therefore to demonstrate the relevance of information security and risk management, as well as the necessary adaptation of internal auditing to the paradigm shift in digital processes. In order to do this, it is necessary to know the main risks faced by the universities; in terms of cybersecurity, to know what measures universities have already implemented and which relevant measures are most relevant mitigating computer risks. With regard to internal audits, to understand whether universities use information technologies, more precisely artificial intelligence technologies. Through this study, it can be concluded that although some universities have identified direct information security situations in their risk management plan, there is still a lot of work to be done in the implementation of security requirements, and consequently, making them suitable for internal audits.