Jurnal Penelitian Sistem Informasi
Vol. 4 No. 2 (2026): May: JURNAL PENELITIAN SISTEM INFORMASI

Integration of ISO 27001, Zero Trust, and AI for Campus Financial Information System Security

Nina Mardiana (Unknown)
Yessica Fara Desvia (Unknown)
Angga Rahmat Pinanggih (Unknown)
Febryawan Yuda Pratama (Unknown)
Farah Diva Fadila (Unknown)



Article Info

Publish Date
23 May 2026

Abstract

Financial information systems in higher education institutions manage highly sensitive assets, including tuition payments, scholarships, payroll, vendor transactions, budgeting, and institutional financial reporting. Although ISO/IEC 27001:2022 provides a risk-based foundation for establishing an Information Security Management System, its implementation in universities is frequently constrained by fragmented governance, limited resources, complex asset environments, inconsistent managerial commitment, cultural resistance, and limited real-time monitoring capability. This study aims to develop an integrated security evaluation model for campus financial information systems by combining ISO/IEC 27001:2022, Zero Trust Architecture, AI-driven threat detection, security maturity assessment, and human-factor analysis. The study adopts a mixed-method sequential explanatory design integrated with Design Science Research. Quantitative stages include asset identification, risk scoring, ISO 27001 control gap analysis, maturity assessment, Zero Trust readiness assessment, and AI-driven detection readiness assessment. Qualitative stages include document analysis, semi-structured interviews, observation, expert judgment, and thematic analysis to examine organizational, cultural, and behavioral factors influencing security control effectiveness. The proposed outcome is the HEFIS-ISMS Model, an integrated framework consisting of seven layers: ISO 27001 control compliance, risk-based asset protection, security maturity, human and organizational factors, Zero Trust readiness, AI-driven detection readiness, and improvement roadmap. The model is expected to address the static and compliance-oriented limitations of conventional ISO 27001 assessments by introducing adaptive access control, continuous monitoring, anomaly detection readiness, and phased implementation guidance. 
The study contributes theoretically to cybersecurity governance in higher education and practically to risk-prioritized security improvement for resource-constrained universities.

Copyrights © 2026






Journal Info

Abbrev

JPSI

Publisher

Subject

Computer Science & IT; Decision Sciences, Operations Research & Management

Description

Decision Support Systems (DSS), Geographic Information Systems (GIS), Enterprise-Scale Information Systems (ERP, EAI, CRM, SCM), E-Commerce, E-Government, Hospital Information Systems, Banking Information Systems, Industrial Information Systems, Information Retrieval, Information Systems Security, System ...