Toward an Effective Information Security Risk Management of Universities’ Information Systems Using Multi Agent Systems, Itil, Iso 27002,Iso 27005

Universities in the public and private sectors depend on information technology and information systems to successfully carry out their missions and business functions. Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, and individuals by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processes, stored or transmitted by those systems. Threats to information systems can include purposeful attacks, environmental disruptions, and human/machine errors, and can result in harm to the integrity of data. Therefore, it is imperative that all the actors at all levels in a university information system understand their responsibilities and are held accountable for managing information security riskthat is the risk associated with the operation and use of information systems that support the missions and business functions of their university. The purpose of this paper is to propose an information security toolkit namely URMIS (University Risk Management Information System) based on multi agent systems and integrating with existing information security frameworks and standards, to enhance the security of universities information systems. Keywords—Information security; information systems; multi agent systems; ITIL V3; ISO 27002; ISO 27005