Abstract
As universities seek to adopt increased e-business, e-commerce and e-learning initiates, the overall approach taken for security management within the organisation plays an increasingly relevant role. In many cases security in universities is approached through the addition of tactical solutions. Often systems security is added on as a final consideration instead of during early design stages. This approach can be incomprehensive and inefficient. Although this approach can provide limited security, there is no guarantee that business requirements for security are incorporated and integrated effectively. This situation is partly due to security management in Australian universities being challenged by the complexity of both university culture and diverse operating environments. In many circumstances the champion for security in universities tends to be relegated to an officer in the IT department, hidden away from the business itself. Often this person with operational responsibility for security will have a detailed understanding of what should occur in security, but faces difficulties in determining exactly how to go about achieving this on an enterprise level. In order to assist in securing university IT systems and thereby improving e-business security, this research proposes a security practitioner’s management model. This model is aimed at facilitating the transition of security knowledge into actual implementation across the enterprise, with an end goal of an improved culture of compliance towards security practices in the university sector. This work is of significant value as it results from a study into specific security management issues facing Australian universities. This study highlights that future research would be well-placed to focus on benchmarking information security management within the university sector.