The least secure places in the universe? A systematic literature review on information security management in higher education

Current research has demonstrated the progressively more strategic role that information security has in modern organisations. Higher education is no exception. The reported increasing number of security breaches experienced in recent years by higher education institutions epitomises the importance of confidentiality, integrity and availability of information in universities. To synthesise research in this field, this literature review systematically examines papers that have been published in the last thirteen years. The present review aims at expanding our understanding of the sub-topics, perspectives, methodologies, and trends that characterise this nascent field of investigation. Literature gaps are highlighted and an agenda for further work is proposed. First of its kind, this review concludes that information security management in higher education is a highly under-investigated topic. Areas for further research include information security culture; comparative studies on information security management in industries other than higher education; comparative studies across universities; and economics of information security management.